dlenski / what-vpn

Identify servers running various SSL VPNs based on protocol-specific behaviors
GNU General Public License v3.0

SSL errors #5

Closed DimitriPapadopoulos closed 2 years ago

DimitriPapadopoulos commented 2 years ago

How do I get past SSL errors?

$ what-vpn vpn.nl.edu
vpn.nl.edu: SSL errors (tried 1/12 sniffers)
$ 

CSCOE

See also https://github.com/dlenski/gp-saml-gui/issues/37.

DimitriPapadopoulos commented 2 years ago

Also see #6.

Creating a custom OpenSSL conf file and pointing to it with OPENSSL_CONF does the trick:

$ cat >> ~/openssl.conf
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
CipherString = DEFAULT:@SECLEVEL=1
$ 
$ OPENSSL_CONF=~/openssl.conf what-vpn vpn.nl.edu
vpn.nl.edu: Cisco AnyConnect
$ 

But then it would be nice to be able to do that programmatically.

DimitriPapadopoulos commented 2 years ago

See https://github.com/psf/requests/issues/4775#issuecomment-478198879.
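
On the request above to do this programmatically: the sketch below applies the same two settings from `[system_default_sect]` to a single Python `ssl.SSLContext`, so the relaxation is scoped to one client instead of every OpenSSL user in the process, as `OPENSSL_CONF` is. It is an added example, not code from what-vpn or from the linked requests issue; the function names are hypothetical, and the option bit is the value of `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` in OpenSSL's `ssl.h`, which Python's `ssl` module does not export by name.

```python
import http.client
import ssl

# SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION (bit 18 in OpenSSL's ssl.h).
# This is the flag that "Options = UnsafeLegacyRenegotiation" sets.
OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = 0x00040000


def legacy_tls_context() -> ssl.SSLContext:
    """Build a client context mirroring [system_default_sect] (hypothetical helper)."""
    # create_default_context() keeps CERT_REQUIRED and hostname checking on;
    # only the two settings from the conf file are relaxed.
    ctx = ssl.create_default_context()
    ctx.set_ciphers("DEFAULT:@SECLEVEL=1")               # CipherString = ...
    ctx.options |= OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION  # Options = ...
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Report which protections are still on and which were relaxed."""
    return {
        "verifies_certificate": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "legacy_renegotiation": bool(
            ctx.options & OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
        # security_level exists on Python 3.10+; None on older versions.
        "security_level": getattr(ctx, "security_level", None),
    }


def head_status(host: str, port: int = 443, timeout: float = 10.0) -> int:
    """Send HEAD / to one legacy server using the relaxed context."""
    conn = http.client.HTTPSConnection(
        host, port, timeout=timeout, context=legacy_tls_context())
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().status
    finally:
        conn.close()


if __name__ == "__main__":
    print(describe(legacy_tls_context()))
```

The same context object can be handed to any client that accepts an `SSLContext`; keep it out of code paths that talk to servers which do not need it.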