Unfortunately my employer uses an older VPN appliance, and I don’t have authority to change that. So, I need to tweak OpenConnect permissions to allow connections using older versions of TLS - this is very easy on Workstation, I can just edit:
/etc/crypto-policies/back-ends/opensslcnf.config
and change MinProtocol = TLSv1.0
However, in Silverblue I can’t do that. I tried creating a toolbox (my first time using toolbox), but I was also unable to make changes there. It would not let me switch to my super user, something about an incomplete profile? That’s never previously been an issue.
If you want to reconfigure your system’s OpenConnect then toolbox is the wrong place, and /etc on your system (i.e. not inside a box/container) is the right one. How did you try to edit the config? sudo vim (or whatever editor you like) should work from a user which has sudo permission. Alternatively, sudo -i should give a root shell.
I tried adding this to /etc/crypto-policies/local.d and was able to save my modified file there. However, I tried both running update-crypto-policies and rebooting, but still no joy connecting to the VPN.
EDIT: after editing the original file as suggested by Jeff V and rebooting (again) I could see that the customized file in local.d was appended to the original file. So, this worked too.
Just using nano let me make the change and it persisted through a reboot. However, I’m still getting the original error: SSL connection failure: A packet with illegal or unsupported version was received
So it seems something other than (or in addition to) the minimum TLS version is wrong. Could have sworn this fixed the problem on my other laptop, but that was three years ago.
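As an added example (not code from any of the posts above), the script below shows the append behaviour described in the EDIT and reports whether the resulting minimum TLS version is below TLSv1.2. It assumes local.d drop-ins are named opensslcnf-*.config and that the last MinProtocol assignment in the file wins; the sample directory tree and the file name opensslcnf-legacyvpn.config are constructed.

```shell
#!/bin/sh
# Added example: audit MinProtocol in an OpenSSL crypto-policies back-end file.

# Print the last "MinProtocol = X" value in a file (assumption: last one wins).
# Keys such as DTLS.MinProtocol are deliberately not matched.
effective_min_protocol() {
    awk -F= '
        $1 ~ /^[ \t]*MinProtocol[ \t]*$/ { v = $2; gsub(/[ \t\r]/, "", v); last = v }
        END { if (last == "") exit 1; print last }
    ' "$1"
}

# Succeed (exit 0) when the value is older than TLSv1.2.
is_legacy_tls() {
    case "$1" in
        SSLv3|TLSv1|TLSv1.0|TLSv1.1) return 0 ;;
        *) return 1 ;;
    esac
}

# List drop-ins in a local.d directory that set MinProtocol.
local_overrides() {
    for f in "$1"/opensslcnf-*.config; do
        [ -f "$f" ] || continue
        effective_min_protocol "$f" >/dev/null 2>&1 && basename "$f"
    done
    return 0
}

# Constructed sample tree standing in for /etc/crypto-policies.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/back-ends" "$d/local.d"
    printf 'CipherString = @SECLEVEL=2\nMinProtocol = TLSv1.2\nDTLS.MinProtocol = DTLSv1.2\n' \
        > "$d/back-ends/opensslcnf.config"
    printf 'MinProtocol = TLSv1.0\n' > "$d/local.d/opensslcnf-legacyvpn.config"
    echo "$d"
}

# Mimic the append step observed in the thread (drop-in added to the back-end file).
apply_local() {
    cat "$1/local.d"/opensslcnf-*.config >> "$1/back-ends/opensslcnf.config"
}

demo=$(make_sample)
echo "before: $(effective_min_protocol "$demo/back-ends/opensslcnf.config")"
apply_local "$demo"
v=$(effective_min_protocol "$demo/back-ends/opensslcnf.config")
echo "after:  $v (set by: $(local_overrides "$demo/local.d"))"
is_legacy_tls "$v" && echo "WARNING: minimum TLS version is below TLSv1.2"
rm -rf "$demo"
```

On a real system the functions can be pointed at /etc/crypto-policies/back-ends/opensslcnf.config and /etc/crypto-policies/local.d to see which drop-in lowered the minimum.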