Comment 3 for bug 1968467

Jason Gunthorpe (jgunthorpe) wrote : Re: [Bug 1968467] Re: CSD scripts do not work on jammy

On Mon, Apr 11, 2022 at 6:00 PM Dan Lenski <email address hidden>
wrote:

> > My feeling is that curl should set the SSL option when -k is used.
> openconnect itself sets this option already, it was fixed in commit
> c8dcf10
>
> If you replace the cURL invocation in the CSD/Trojan script with…
>
> ```
> OPENSSL_CONF=/dev/null curl <usual options>
> ```
>
> … does this make it work? (For some hints about how/why it should work,
>

No, it didn't change, I tested with:

```
# OPENSSL_CONF=/dev/null curl -k -v https://x.x.x.x/
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.2 (OUT), TLS alert, handshake failure (552):
* error:0A000152:SSL routines::unsafe legacy renegotiation disabled
* Closing connection 0
curl: (35) error:0A000152:SSL routines::unsafe legacy renegotiation disabled
```

Inside ubuntu:22.04 as a docker container just to test curl.

Thanks,
Jason