https://bugs.kde.org/show_bug.cgi?id=472828
Bug ID: 472828
Summary: Unable to connect to SSL-VPN on Cisco Adaptive
Security Appliance running ASA OS older than 9.16 when
compiled with openssl-3.0.x
Classification: Frameworks and Libraries
Product: frameworks-networkmanager-qt
Version: 5.108.0
Platform: Gentoo Packages
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: plasma-b...@kde.org
Reporter: nvaert1...@hotmail.com
CC: lamar...@kde.org, lukas.ti...@merlin.cz
Target Milestone: ---
SUMMARY
***
Whenever you try to make a connection with openconnect to a Cisco Adaptive
Security Appliance running ASA OS lower than 9.16, openconnect (compiled with
openssl-3.0.x) refuses to connect and shows the following error: SSL connection
failure
xxxx:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation
disabled:../openssl-3.0.9/ssl/statem/extensions.c:893:
There is a workaround, this is by connecting via the CLI using the
--allow-insecure-crypto parameter, but KDE does not have a option in the
graphical interface for toggling the option, giving a inconsistent user
experience.
***
STEPS TO REPRODUCE
1. Make a VPN connection using openconnect (via networkmanager-qt) compiled
with the openssl-3.0.x library to a Cisco ASA running ASA OS older than 9.16.
2. Observe the result
OBSERVED RESULT
xxxx:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation
disabled:../openssl-3.0.9/ssl/statem/extensions.c:893:
EXPECTED RESULT
A working VPN connection
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Gentoo Linux 2.13 / KDE Plasma 5.27.6
KDE Plasma Version: 5.27.6
KDE Frameworks Version: 5.108.0
Qt Version: 5.15.10
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are watching all bug changes.
