Skip to content

nmav/openconnect-mine

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Cisco's implementation of the DTLS protocol unfortunately does not
comply with the relevant standards. OpenSSL 0.9.8m or newer, and
1.0.0-beta2 or newer, contain a compatibility mode which allows
interoperation with Cisco's servers.

As long as you are using a current version of OpenSSL, you have nothing
to worry about -- everything should work optimally.

Without a suitable OpenSSL, the openconnect client will fall back to
passing packets over the HTTPS connection. This will still work OK, but 
will suffer quite a lot if your connection has packet loss. For details
of why that happens, see http://sites.inka.de/~W1011/devel/tcp-tcp.html

If you insist on using ancient buggy versions of OpenSSL, these are the
patches you require if you want DTLS to work:

For versions of OpenSSL earlier than 0.9.8m, you'll need the Cisco
compatibility support:
	http://cvs.openssl.org/chngview?cn=18037

For versions of OpenSSL earlier than 0.9.8j, a couple of other DTLS
bug-fixes are also required:
	http://cvs.openssl.org/chngview?cn=17500
	http://cvs.openssl.org/chngview?cn=17505