Question about handshake error
Niki Dinsey
niki.dinsey at abingdon.org.uk
Wed Mar 11 17:08:49 UTC 2020
Thanks Matt for your reply earlier, following your advice I've edited the
following line in my openssl.cnf file:
CipherString = DEFAULT at SECLEVEL=1
and it now works in s_client and curl:
niks at DESKTOP-O2VP5O2:/etc/ssl$ curl https://thankqcrm.accessacloud.com/
<snip>/?X-apikey=<snip>
{"Status":"OK","PageIndex":1,"PageSize":15,"PageCount":1,"Columns":[{"Name":"destinationCode","DataType":"Text","MaxLength":20},{"Name":"webDescriptionOverride","DataType":"Text","MaxLength":-1}],"Rows":[{"destinationCode":"BOARDING","webDescriptionOverride":"Boarding"},{"destinationCode":"BURSARYAS","webDescriptionOverride":"Bursaries"},{"destinationCode":"GIVING
DAY 2020","webDescriptionOverride":"GIVING DAY
2020"},{"destinationCode":"OTHER","webDescriptionOverride":"Other"},{"destinationCode":"PARTNER","webDescriptionOverride":"Partnerships"},{"destinationCode":"UNRESTRAS","webDescriptionOverride":"Unrestricted"}],"RecordCount":6,"RecordStartIndex":1}
Thanks so much for the help resolving the issue.
As for going back to the software vendor, I absolutely want to but don't
hold out too much hope they will change anything.
I'm basically going to say this:
The certificate chain contains two redundant root certificates, these
should be removed as there is no need to send root certificates and because
they are signed with SHA1 stricter servers like Debian are dropping the
connection.
Does that sound about right?
As for the conversation with Viktor, it's all over my head! Can I just
ignore and get back to work? Thanks again
Niki
On Wed, 11 Mar 2020 at 15:33, Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:
> On Wed, Mar 11, 2020 at 11:31:51AM -0400, Viktor Dukhovni wrote:
>
> > I think the server could be OpenSSL, because why I made sure that
>
> s/why/while/.
>
> > self-signed CA signatures are not subjected to security levels in
> > x509_vfy.c, the same exclusion does not appear to be present in:
> >
> > int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int
> is_ee)
> > [...]
>
> --
> Viktor.
>
--
Niki Dinsey
IS Manager
07974 214718
01235 849061 (x261)
--
Save the date: Abingdon's first 24hr *Giving Day - 18 March 2020*.Help
support our ambition to double the number of bursaries across the
Foundation.
<http://www.150givingday.abingdon.org.uk>
--
Abingdon School: A company limited by guarantee Registered in England and
Wales. Company No. 3625063
Registered Office:
Abingdon School
Park
Road
Abingdon
OX14 1DE
Registered Charity No. 1071298
All information
in this message and attachments is confidential and may be legally
privileged. Only intended recipients are authorised to use it. E-mail
transmissions are not guaranteed to be secure or error free and the sender
does not accept liability for such errors or omissions. The company will
not accept any liability in respect of such communication that violates our
ICT policies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200311/6fe14e96/attachment-0001.html>
More information about the openssl-users
mailing list