openconnect_SSL_printf(vpninfo->https_ssl, "X-DTLS-Master-Secret: ");
for (i = 0; i < sizeof(vpninfo->dtls_secret); i++)
openconnect_SSL_printf(vpninfo->https_ssl, "%02X", vpninfo->dtls_secret[i]);
- openconnect_SSL_printf(vpninfo->https_ssl, "\r\nX-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA\r\n\r\n");
+ openconnect_SSL_printf(vpninfo->https_ssl, "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
+ vpninfo->dtls_ciphers?:"AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA");
if (openconnect_SSL_gets(vpninfo->https_ssl, buf, 65536) < 0) {
vpninfo->progress(vpninfo, PRG_ERR, "Error fetching HTTPS response\n");
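Review bot: The `--dtls-ciphers` value is written into the `X-DTLS-CipherSuite` request header through `%s` without any validation, so a value containing CR or LF would end the header early and put extra lines into the request sent over the HTTPS session. The same unchecked string is stored by the `case '8':` hunk in the option parser, which is the natural place to reject it, with something like `if (strpbrk(optarg, "\r\n")) { fprintf(stderr, "Invalid DTLS cipher list\n"); exit(1); }` before the assignment. This matters most if a wrapper or config front-end ever passes the option through from a less trusted source. Separately, the built-in fallback still offers `DES-CBC-SHA` (single DES); if server compatibility allows, consider dropping it from the default now that a user can request it explicitly. The enclosing function starts and ends outside the hunk.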
{"passwd-on-stdin", 0, 0, '5'},
{"no-passwd", 0, 0, '6'},
{"reconnect-timeout", 1, 0, '7'},
+ {"dtls-ciphers", 1, 0, '8'},
{NULL, 0, 0, 0},
};
printf(" --cookieonly Fetch webvpn cookie only; don't connect\n");
printf(" --printcookie Print webvpn cookie before connecting\n");
printf(" --cafile=FILE Cert file for server verification\n");
+ printf(" --dtls-ciphers=LIST OpenSSL ciphers to support for DTLS\n");
printf(" --no-dtls Disable DTLS\n");
printf(" --no-passwd Disable password/SecurID authentication\n");
printf(" --passwd-on-stdin Read password from standard input\n");
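Review bot: The new `--dtls-ciphers=LIST` help line does not say what form LIST takes or what is used when the option is absent. Going by the fallback string in the header-writing hunk, it is a colon-separated list of OpenSSL cipher names that the client offers to the server, so wording such as `--dtls-ciphers=LIST  Colon-separated OpenSSL cipher names to offer for DTLS` would tell the user what to pass. The default list is better documented in the long-form documentation than in the usage text.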
case '7':
vpninfo->reconnect_timeout = atoi(optarg);
break;
+ case '8':
+ vpninfo->dtls_ciphers = optarg;
+ break;
case 'C':
vpninfo->cookie = optarg;
break;