[openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

Nounou Dadoun nounou.dadoun at avigilon.com
Mon Feb 29 22:48:22 UTC 2016


That worked!  The addition of (boost-speak)

		SSL_CTX_set1_client_sigalgs_list(
			GetNativeRef().impl(),
			"RSA+SHA256");

completed the handshake and got everything going again.  Thanks for all your assistance.

But this demonstrates that my headaches have been coming from the fact that sha384 and sha512 are broken in our build somehow.  The no-asm configure directive didn't make a difference so maybe a compiler bug or something?

Still happy to provide traces or diagnostics if anyone there wants to try to track down the issue, just let me know, thanks again ... N

Nou Dadoun
Senior Firmware Developer, Security Specialist


Office: 604.629.5182 ext 2632 

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Nounou Dadoun
Sent: Monday, February 29, 2016 1:41 PM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

Ah, thanks Viktor and Kurt for the clarification, I didn't get that distinction/connection - I'll try that next ... N

Nou Dadoun
Senior Firmware Developer, Security Specialist


Office: 604.629.5182 ext 2632 

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Kurt Roeckx
Sent: Monday, February 29, 2016 1:35 PM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

The cipher is using SHA256, there is also a signature using SHA512 for the verification of the client certificate.  I think we've already pointed out how to disable that.


Kurt
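An added example, not part of the original thread: per the OpenSSL documentation, the list set with SSL_CTX_set1_client_sigalgs_list is what a TLS 1.2 server advertises in the supported_signature_algorithms field of its CertificateRequest, so a handshake trace can confirm whether SHA-384/SHA-512 are still being offered for client certificate verification. The decoder below covers only the RFC 5246 code points; the function names and the sample byte vectors are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* TLS 1.2 HashAlgorithm / SignatureAlgorithm code points (RFC 5246, 7.4.1.4.1). */
static const char *HASH[] = {"NONE", "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512"};
static const char *SIG[] = {"ANON", "RSA", "DSA", "ECDSA"};

/* Decode a supported_signature_algorithms vector (2-byte length, then
 * hash/signature byte pairs) into "SIG+HASH:SIG+HASH" form.
 * Returns the number of pairs, or -1 if the vector is malformed, holds a
 * code point outside RFC 5246, or does not fit in out. */
int decode_sigalgs(const unsigned char *buf, size_t len, char *out, size_t outlen)
{
    size_t used = 0, veclen, i;
    if (len < 2 || outlen == 0)
        return -1;
    veclen = ((size_t)buf[0] << 8) | buf[1];
    if (veclen != len - 2 || veclen == 0 || veclen % 2 != 0)
        return -1;
    out[0] = '\0';
    for (i = 2; i < len; i += 2) {
        unsigned hash = buf[i], sig = buf[i + 1];
        if (hash >= sizeof(HASH) / sizeof(HASH[0]) || sig >= sizeof(SIG) / sizeof(SIG[0]))
            return -1;
        int n = snprintf(out + used, outlen - used, "%s%s+%s",
                         used ? ":" : "", SIG[sig], HASH[hash]);
        if (n < 0 || (size_t)n >= outlen - used)
            return -1;
        used += (size_t)n;
    }
    return (int)(veclen / 2);
}

/* 1 if the decoded list still offers SHA-384 or SHA-512, else 0. */
int offers_sha384_or_sha512(const char *list)
{
    return strstr(list, "SHA384") != NULL || strstr(list, "SHA512") != NULL;
}

/* Constructed sample vectors, not taken from the thread's traces. */
const unsigned char SAMPLE_WIDE[] = {0x00, 0x06, 0x06, 0x01, 0x05, 0x01, 0x04, 0x01};
const unsigned char SAMPLE_RESTRICTED[] = {0x00, 0x02, 0x04, 0x01};

int main(void)
{
    char list[128];
    if (decode_sigalgs(SAMPLE_WIDE, sizeof(SAMPLE_WIDE), list, sizeof(list)) > 0)
        printf("%s: SHA-384/512 offered = %d\n", list, offers_sha384_or_sha512(list));
    if (decode_sigalgs(SAMPLE_RESTRICTED, sizeof(SAMPLE_RESTRICTED), list, sizeof(list)) > 0)
        printf("%s: SHA-384/512 offered = %d\n", list, offers_sha384_or_sha512(list));
    return 0;
}
```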


