Received: from smtp.ungleich.ch (smtp.ungleich.ch [185.203.114.86])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 626B67811B0
	for <~alpine/devel@lists.alpinelinux.org>; Wed, 10 Aug 2022 07:44:47 +0000 (UTC)
Received: from bridge.localdomain (localhost [IPv6:::1])
	by smtp.ungleich.ch (Postfix) with ESMTP id 9827120089;
	Wed, 10 Aug 2022 09:41:42 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ungleich.ch;
	s=202201; t=1660117302;
	bh=JD3z/ViFG1NqAOOF6ziWIvXCFUDIXXO0HNaKBEBatjg=;
	h=References:From:To:Cc:Subject:Date:In-reply-to:From;
	b=gerCLq1lGZwnDncRdDhQQRyNMxoIf/j0FaZAD5rzPl2znIPPuz097sLo9HOEj3yMa
	 mP3zg86C7AZCoG29Qs0EWBtMJH5PSQvZ6nhkDIXAgkRr3/AqSDpO3RsaX0+lytYI5V
	 CEiBoAtoOv258ynbw3KRBvGX26MJ7DbBE9ydQ4+y36VDQV108lppwKByzAmtfQy3Ui
	 bTNQzxpPZUSW1aSMdd9FS1BwZ9QlfQxFEqxKjXcF+xG4nXc/4NC8PPUoHTZLup7SXt
	 SpRXYgUX6iaMGOPEe3WIIHYja5DFrS2hBKnEvt7n45fgsfRgN/bXTZF1o2Uaf5L5Jj
	 q1aoS/5FlrytQ==
Received: by bridge.localdomain (Postfix, from userid 1000)
	id 70A511A762B9; Wed, 10 Aug 2022 09:44:45 +0200 (CEST)
References: <20220803105631.77d1cc2c@ncopa-desktop.lan>
 <87iln2cxo3.fsf@ungleich.ch> <CM1BYFL1Z0CV.1N3D8RDVZGD68@sumire>
 <CM1CKNLBCLYI.24J4143ZN5GVQ@sumire> <87lerx7r2v.fsf@ungleich.ch>
 <CM1DK3ZAE2Y8.39QF72R3QZIXW@sumire> <87k07h5wx1.fsf@ungleich.ch>
 <CM1KQ867KH38.2A80PZLFY815T@sumire>
User-agent: mu4e 1.7.27; emacs 28.1
From: Nico Schottelius <nico.schottelius@ungleich.ch>
To: alice <alice@ayaya.dev>
Cc: Nico Schottelius <nico.schottelius@ungleich.ch>, Natanael Copa
 <ncopa@alpinelinux.org>, ~alpine/devel@lists.alpinelinux.org
Subject: Re: OpenSSL 3 pushed to git master
Date: Wed, 10 Aug 2022 09:42:44 +0200
In-reply-to: <CM1KQ867KH38.2A80PZLFY815T@sumire>
Message-ID: <8735e45yqa.fsf@ungleich.ch>
MIME-Version: 1.0
Content-Type: text/plain


Hey Alice,

"alice" <alice@ayaya.dev> writes:

> On Tue Aug 9, 2022 at 11:22 AM CEST, Nico Schottelius wrote:
>>
>> I verified three times that the content is correct - is it possible that
>> not every app linked against openssl actually loads the configuration
>> file?
> seems some don't. i was naive..

Same same ...

> however: `openconnect --allow-insecure-crypto` seems to work for me (no
> more insecure renegotiation message).

... after suggesting apps should have that, the one app that fails does
actually have the i-am-sure-insecure-is-fine-with-me flag.

And as you said, it actually works.

Meanwhile, I have raised an issue with the VPN provider, but my
expectation is that it won't be fixed that soon.

Best regards,

Nico

--
Sustainable and modern Infrastructures by ungleich.ch