Protocols

Cisco AnyConnect

Cisco AnyConnect VPNs utilize TLS to authenticate and configure routing, then DTLS to efficiently encrypt and transport the tunneled VPN traffic, and can fall back to TLS-based transport where firewalls block UDP-based traffic. The DTLS protocol used by Cisco AnyConnect servers was based on a non-standard, pre-release draft of DTLS 1.0, until support for the DTLS 1.2 standard was added in 2018.

DTLS

Cisco's proprietary AnyConnect clients and servers were originally built against a patched 2007 release of OpenSSL 0.9.8f, which implemented a pre-release version of DTLS that was not compatible with DTLS 1.0 as standardized in RFC 4347. Because of this, it was difficult to make OpenConnect implement a Cisco-compatible version of DTLS without linking against OpenSSL. Explicit support for Cisco's non-standard version of DTLS was included in OpenSSL 0.9.8m (where it is known as DTLS1_BAD_VER) and then GnuTLS 3.2.1 (where it is known as GNUTLS_DTLS0_9). Newer versions of Cisco's AnyConnect clients and servers support DTLS 1.2 in its standardized on-the-wire form (RFC 6347), though they continue to use a non-standard mechanism (based on session resumption) for DTLS key exchange.
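The practical consequence of the three DTLS flavours above is that the record-layer version field tells you which one a given UDP datagram belongs to. The following is an added example, not code from the page or from OpenConnect, that parses DTLS record headers and distinguishes the pre-standard Cisco draft from RFC 4347 and RFC 6347 DTLS. It assumes the version constants as defined in OpenSSL's and GnuTLS's headers (DTLS1_BAD_VER is 0x0100 on the wire, standard DTLS 1.0 is 0xFEFF and DTLS 1.2 is 0xFEFD); the sample datagrams are constructed inline, not captured traffic, and the session-resumption key exchange the text mentions is not modelled here.

```python
import struct
from dataclasses import dataclass

# On-the-wire values of the DTLS record-layer ProtocolVersion field. Standard
# DTLS encodes the version as the ones' complement of the TLS value (1.0 ->
# 0xFEFF, 1.2 -> 0xFEFD). The pre-RFC 4347 draft that Cisco's AnyConnect shipped
# uses 0x0100 instead, the value OpenSSL calls DTLS1_BAD_VER and GnuTLS calls
# GNUTLS_DTLS0_9 (constants taken from those libraries' headers).
DTLS_VERSIONS = {
    0x0100: "DTLS 0.9 (pre-standard draft, DTLS1_BAD_VER / GNUTLS_DTLS0_9)",
    0xFEFF: "DTLS 1.0 (RFC 4347)",
    0xFEFD: "DTLS 1.2 (RFC 6347)",
}
LEGACY_CISCO_VERSION = 0x0100

CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}

# DTLS record header: type(1) version(2) epoch(2) sequence_number(6) length(2)
RECORD_HEADER = struct.Struct("!BHH6sH")


@dataclass
class DtlsRecord:
    content_type: str
    version: int
    version_name: str
    epoch: int
    sequence: int
    payload: bytes


def build_record(ctype: int, version: int, epoch: int, seq: int, payload: bytes) -> bytes:
    """Serialise one DTLS record (used here only to construct sample input)."""
    header = RECORD_HEADER.pack(ctype, version, epoch, seq.to_bytes(6, "big"), len(payload))
    return header + payload


def parse_dtls_records(datagram: bytes) -> list[DtlsRecord]:
    """Split one UDP datagram into the DTLS records it carries.

    Raises ValueError on a truncated record, an unknown content type or an
    unknown version, so that a classifier does not silently mislabel a
    non-DTLS packet that happens to arrive on the VPN port.
    """
    records: list[DtlsRecord] = []
    offset = 0
    while offset < len(datagram):
        if len(datagram) - offset < RECORD_HEADER.size:
            raise ValueError("truncated DTLS record header")
        ctype, version, epoch, seq, length = RECORD_HEADER.unpack_from(datagram, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if version not in DTLS_VERSIONS:
            raise ValueError(f"unknown DTLS version 0x{version:04x}")
        start = offset + RECORD_HEADER.size
        end = start + length
        if end > len(datagram):
            raise ValueError("record length exceeds datagram")
        records.append(DtlsRecord(CONTENT_TYPES[ctype], version, DTLS_VERSIONS[version],
                                  epoch, int.from_bytes(seq, "big"), datagram[start:end]))
        offset = end
    return records


def uses_legacy_cisco_dtls(datagram: bytes) -> bool:
    """True if any record in the datagram carries the pre-standard 0x0100 version."""
    return any(r.version == LEGACY_CISCO_VERSION for r in parse_dtls_records(datagram))


def classify(datagram: bytes) -> str:
    """Human-readable label for a datagram seen on a suspected AnyConnect UDP port."""
    try:
        records = parse_dtls_records(datagram)
    except ValueError:
        return "not DTLS"
    if not records:
        return "not DTLS"
    # Records within one datagram share a version in practice; report the first.
    return records[0].version_name


# Constructed sample datagrams (not captured traffic). Payloads are placeholder
# bytes; only the 13-byte record headers matter for version classification.
SAMPLE_LEGACY_CISCO = build_record(22, 0x0100, 0, 0, b"\x01\x00\x00\x00")
SAMPLE_DTLS12 = (
    build_record(22, 0xFEFD, 0, 1, b"\x14\x00\x00\x00")
    + build_record(23, 0xFEFD, 1, 0, b"\x00" * 8)
)

if __name__ == "__main__":
    for name, dg in (("legacy", SAMPLE_LEGACY_CISCO), ("dtls12", SAMPLE_DTLS12)):
        print(name, classify(dg), [r.content_type for r in parse_dtls_records(dg)])
```

For detection work this is the check that matters: a 0x0100 version field on the VPN's UDP port marks a client or head-end still speaking the pre-standard draft rather than RFC 6347 DTLS 1.2, and the parser rejects anything that is not a well-formed DTLS record rather than guessing.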