https://github.com/certik/openconnect
copy of git://git.infradead.org/users/dwmw2/openconnect.git
https://github.com/certik/openconnect
Last synced: over 1 year ago
JSON representation
copy of git://git.infradead.org/users/dwmw2/openconnect.git
- Host: GitHub
- URL: https://github.com/certik/openconnect
- Owner: certik
- License: lgpl-2.1
- Created: 2011-03-15T17:54:58.000Z (over 15 years ago)
- Default Branch: master
- Last Pushed: 2015-06-10T14:42:39.000Z (about 11 years ago)
- Last Synced: 2025-02-01T20:13:37.728Z (over 1 year ago)
- Language: C
- Homepage:
- Size: 1.82 MB
- Stars: 2
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.DTLS
- License: COPYING.LGPL
Awesome Lists containing this project
README
Cisco's implementation of the DTLS protocol unfortunately does not
comply with the relevant standards. OpenSSL 0.9.8m or newer, and
1.0.0-beta2 or newer, contain a compatibility mode which allows
interoperation with Cisco's servers.
As long as you are using a current version of OpenSSL, you have nothing
to worry about -- everything should work optimally.
Without a suitable OpenSSL, the openconnect client will fall back to
passing packets over the HTTPS connection. This will still work OK, but
will suffer quite a lot if your connection has packet loss. For details
of why that happens, see http://sites.inka.de/~W1011/devel/tcp-tcp.html
If you insist on using ancient buggy versions of OpenSSL, these are the
patches you require if you want DTLS to work:
For versions of OpenSSL earlier than 0.9.8m, you'll need the Cisco
compatibility support:
http://cvs.openssl.org/chngview?cn=18037
For versions of OpenSSL earlier than 0.9.8j, a couple of other DTLS
bug-fixes are also required:
http://cvs.openssl.org/chngview?cn=17500
http://cvs.openssl.org/chngview?cn=17505