[SSL-VPN] Upgrade from FortiClient 7.0.5 to 7.0.6: SSL stuck at 40%
So we started updating the free FortiClient for Windows 10 Enterprise from release 7.0.5 to 7.0.7. Afterwards, while connecting with SSL to the FortiGate, the client hangs at 40%. We downgraded to 7.0.6 and the clients still hang at 40%. Finally we downgraded to 7.0.5 and SSL VPN works again. To summarize:
FortiClient version <= 7.0.5: SSL connection works
FortiClient version >= 7.0.6: SSL client hangs at 40%
Debugging with:
diagnose debug application sslvpn -1
diagnose debug enable
2022-11-03 15:02:10 [82:root:1037]Destroy sconn 0x425d4600, connSize=20. (root)
2022-11-03 15:02:10 [82:root:1038]allocSSLConn:247 sconn 0x425d4600 (0:root)
2022-11-03 15:02:10 [82:root:1038]SSL state:before/accept initialization (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client hello A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write server hello A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write certificate A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write key exchange A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write server done A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 flush data (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client certificate A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client key exchange A:system lib(x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client key exchange A:system lib(x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read client key exchange A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read certificate verify A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 read finished A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write session ticket A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write change cipher spec A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 write finished A (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSLv3 flush data (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL state:SSL negotiation finished successfully (x.x.x.x)
2022-11-03 15:02:10 [82:root:1038]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2022-11-03 15:02:10 [82:root:1038]req: /remote/info
2022-11-03 15:02:10 [82:root:1038]def: (nil) /remote/info
2022-11-03 15:02:10 [82:root:1038]req: /remote/login
2022-11-03 15:02:10 [82:root:1038]rmt_authutil.c:418 no session id in auth info
2022-11-03 15:02:10 [82:root:1038]rmt_authutil.c:701 invalid cache, ret=4103
2022-11-03 15:02:11 [82:root:1038]main.c,epollFdHandler,551, sconn=0x425d4600[52,-1,-1,-1,-1], fd=52, event=25.
2022-11-03 15:02:11 [82:root:1038]main.c:608 s: 0x425d4600 event: 0x19
2022-11-03 15:02:11 [82:root:1038]Destroy sconn 0x425d4600, connSize=20. (root)
So, what goes wrong?
