[openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

Viktor Dukhovni openssl-users at dukhovni.org
Mon Feb 29 21:30:13 UTC 2016


> On Feb 29, 2016, at 3:55 PM, Nounou Dadoun <nounou.dadoun at avigilon.com> wrote:
> 
> And I should add a reminder that the negotiated cipher that's failing is actually TLS_RSA_WITH_AES_256_CBC_SHA256
> 
> Which does seem a little odd with sha256t passing and sha512t failing ... N

There are no SHA512 TLS ciphersuites, and yet SHA512 can be used with TLS!
This is because it is used to sign handshake protocol messages, not the
encrypted traffic that follows.

The signature algorithm negotation in TLS 1.2 is separate from cipher selection.

-- 
	Viktor.



More information about the openssl-users mailing list