Hi Nikos

On 14/07/2018 20:41, Nikos Mavrogiannopoulos wrote:
> What was the total size of the client hello? There was a particular
> firewall which would terminate the TLS connection if the client hello
> was between 256 and 512 bytes, and it was the reason of rfc7685
> extension. You can append %DUMBFW to see if that's the case, and it
> will ensure that gnutls' hello is outside that range.

Unfortunately, it's 242 bytes, therefore outside of the range. I've
just tried with %DUMBFW, just for the sake of it, and it still fails.

>> Oddly enough, gnutls-cli still sends the following extensions when
>> --disable-extensions is set:
>
> I think it is time to deprecate that option. It is not possible to
> negotiate TLS1.2 or TLS1.3 without extensions.

It seems that option only disables some but not all extensions, as it
connected with that option. It only fails with the %NO_EXTENSIONS
option, which disables all extensions. Even though the
--disable-extensions option works, it's a gnutls-cli option and there
doesn't seem to be an equivalent for the openconnect client.

Thanks for your help and patience,
Gareth
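
An added example, not part of the original message and not GnuTLS or openconnect code: a small Python parser that measures a ClientHello and lists the extension types it carries, the two things being checked in this thread. The sample records are constructed, and treating the range as 256 <= length < 512, measured on the handshake message including its 4-byte header, is an assumption.

```python
import struct

PADDING_EXT = 21  # RFC 7685 "padding" extension type

def build_client_hello(extensions):
    """Build a minimal TLS 1.2 ClientHello record (constructed sample, not a capture)."""
    ext_blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (b"\x03\x03" + bytes(32)      # client_version, random
            + b"\x00"                     # empty session_id
            + b"\x00\x02\xc0\x2f"         # one cipher suite
            + b"\x01\x00"                 # null compression only
            + struct.pack("!H", len(ext_blob)) + ext_blob)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def inspect_client_hello(record):
    """Return (handshake_len, [extension types], in_problem_range)."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    hs_len = 4 + int.from_bytes(hs[1:4], "big")
    if hs_len > len(hs):
        raise ValueError("truncated or fragmented ClientHello")
    p = 4 + 2 + 32                                   # header, version, random
    p += 1 + hs[p]                                   # session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]     # cipher_suites
    p += 1 + hs[p]                                   # compression_methods
    types = []
    if p < hs_len:                                   # extensions block is optional
        end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            t, n = struct.unpack("!HH", hs[p:p + 4])
            types.append(t)
            p += 4 + n
    # Assumed boundary: 256 <= length < 512 on the handshake message.
    return hs_len, types, 256 <= hs_len < 512

if __name__ == "__main__":
    # Extension bodies are opaque filler chosen only to reach a given size.
    small = [(0, bytes(191))]                        # 242-byte hello, as reported above
    mid = small + [(10, bytes(54))]                  # lands inside the range
    padded = mid + [(PADDING_EXT, bytes(208))]       # padding pushes it to 512
    for exts in (small, mid, padded):
        print(inspect_client_hello(build_client_hello(exts)))
```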