comply with the relevant standards. OpenSSL 0.9.8m or newer, and

1.0.0-beta2 or newer, contain a compatibility mode which allows

interoperation with Cisco's servers.

As long as you are using a current version of OpenSSL, you have nothing

to worry about -- everything should work optimally.

Without a suitable OpenSSL, the openconnect client will fall back to

passing packets over the HTTPS connection. This will still work OK, but

will suffer quite a lot if your connection has packet loss. For details

of why that happens, see http://sites.inka.de/~W1011/devel/tcp-tcp.html

If you insist on using ancient buggy versions of OpenSSL, these are the

patches you require if you want DTLS to work:

For versions of OpenSSL earlier than 0.9.8m, you'll need the Cisco

compatibility support:

http://cvs.openssl.org/chngview?cn=18037

For versions of OpenSSL earlier than 0.9.8j, a couple of other DTLS

bug-fixes are also required:

http://cvs.openssl.org/chngview?cn=17500

http://cvs.openssl.org/chngview?cn=17505