Discrepancy between permitted crypto on OpenSSL vs. GnuTLS builds
On the mailing list, a user reports a problem connecting to an AnyConnect server.
OpenConnect built against OpenSSL reports:
SSL connection failure
0020015092010000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:/usr/src/crypto/openssl/ssl/statem/extensions.c:894:
I can reproduce this with OpenSSL 3.2.2 on Fedora 41. With --allow-insecure-crypto on the command line, it works for me.
The GnuTLS (3.8.6) build works even without --allow-insecure-crypto. Should it?
That seems like it might be a Fedora crypto-policies question... although the original report was actually on FreeBSD 14.