
Bug 486502

Summary: net-misc/openconnect with dev-libs/openssl-1.0.1e-r1 - error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:1166:SSL alert number 40
Product: Gentoo Linux
Reporter: Urmas Rosenberg <photourmas>
Component: Current packages
Assignee: Matthew Schultz <mattsch>
Status: RESOLVED INVALID
Severity: normal
CC: commando2004, hasufell, proxy-maint
Priority: Normal
Version: unspecified
Hardware: AMD64
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Urmas Rosenberg 2013-09-29 19:35:47 UTC
emerged dev-libs/openssl-1.0.1e-r1


Reproducible: Always

Steps to Reproduce:
1. emerge dev-libs/openssl-1.0.1e-r1 (e.g. latest stable)
2. create vpn tunnel with openconnect
3. to run openconnect correctly, install =dev-libs/openssl-1.0.1c
Actual Results:  
CSTP connected. DPD 30, Keepalive 30
Connected tun0 as xxx.xxx.xx.xxx, using SSL
DTLS handshake failed: 2
DTLS handshake failed: 1
140022422464232:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:1166:SSL alert number 40


Expected Results:  
CSTP connected. DPD 30, Keepalive 30
Connected tun0 as xxx.xxx.xx.xxx, using SSL

Has been discussed other places too, current and effective solution is to downgrade openssl:
http://comments.gmane.org/gmane.network.vpn.openconnect.devel/531
http://web.archiveorange.com/archive/v/wmeLDreq3d9oTYKS5t5Z
http://lists.opensuse.org/opensuse-bugs/2013-05/msg02781.html

Probably >dev-libs/openssl-1.0.1c should be marked as unstable, unless there is some easy way to patch the problem.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2013-09-30 13:27:30 UTC
(In reply to Urmas Rosenberg from comment #0)
> Has been discussed other places too, current and effective solution is to
> downgrade openssl:

solution => workaround
Comment 2 Matthew Schultz 2014-03-17 16:23:33 UTC
Is this still an issue?
Comment 3 Urmas Rosenberg 2014-03-20 05:26:20 UTC
Hi Matthew. Just removed the mask from openssl, updated to the latest openssl (dev-libs/openssl-1.0.1f) and recompiled openconnect (net-misc/openconnect-4.08), and it seems that the problem is gone - no problems when connecting over VPN && RDP. Bug can be closed. Thanks.