I’m one of the upstream OpenConnect developers. Thanks for bringing this
to our attention. This is one of a seemingly-endless stream of issues
(e.g. https://gitlab.com/openconnect/openconnect/-/issues/211) that
OpenConnect users have encountered as a result of distros’ recent mania
for enforcing “minimum TLS security levels” on a system-wide level.

It’s a frustrating situation for OpenConnect because users often have to
connect to ancient unpatched VPNs to do their work, can’t do anything
about the server configuration, and have no real expectation of
“security” anyway.

> My feeling is that curl should set the SSL option when -k is used.
> openconnect itself sets this option already, it was fixed in commit
> c8dcf10

If you replace the cURL invocation in the CSD/Trojan script with…

```
OPENSSL_CONF=/dev/null curl <usual options>
```

… does this make it work? (For some hints about how/why it should work,
start with
https://gitlab.com/openconnect/openconnect/-/commit/7e862f2f0352409357fa7a4762481fde49909eb8#406e031b8824ea26ae0bf4d7579a1d89e3fb5906)

** Bug watch added: gitlab.com/openconnect/openconnect/-/issues #211
   https://gitlab.com/openconnect/openconnect/-/issues/211

https://bugs.launchpad.net/bugs/1968467

Title:
  CSD scripts do not work on jammy
