On Mon, Apr 11, 2022 at 6:00 PM Dan Lenski <email address hidden>
wrote:
> > My feeling is that curl should set the SSL option when -k is used.
> openconnect itself sets this option already, it was fixed in commit
> c8dcf10
>
> If you replace the cURL invocation in the CSD/Trojan script with…
>
> ```
> OPENSSL_CONF=/dev/null curl <usual options>
> ```
>
> … does this make it work? (For some hints about how/why it should work,
>
No, it didn't change, I tested with:
```
# OPENSSL_CONF=/dev/null curl -k -v https://x.x.x.x/
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.2 (OUT), TLS alert, handshake failure (552):
* error:0A000152:SSL routines::unsafe legacy renegotiation disabled
* Closing connection 0
curl: (35) error:0A000152:SSL routines::unsafe legacy renegotiation disabled
```
Inside ubuntu:22.04 as a docker container just to test curl.
Thanks,
Jason