[openssl-users] Alert number 43

Jeffrey Walton noloader at gmail.com
Wed Nov 2 03:07:13 UTC 2016


> When I tested a remote server using s_client, it responded with:
>
> verify return:1
>
> 139790582232992:error:14094413:SSL routines:SSL3_READ_BYTES:sslv3
> alert unsupported certificate:s3_pkt.c:1259:SSL alert number 43
>
> 139790582232992:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl
> handshake failure:s3_pkt.c:598:
>
>
> I found the following URL about this:
>
> http://stackoverflow.com/questions/14435839/ssl-alert-43-when-doing-client-authentication-in-ssl?answertab=oldest#tab-top
>
> My question: Does this indicate something wrong with server side
> certificate like the URL said?

Netscape Cert Type was recently removed, IIRC.

OpenSSL servers [used to?] have a bug where they can't use the EC key
pair they generated for use with an EC-based certificate. Also see
http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography#Named_Curves.

Post the certificate. Use `openssl s_client -connect <hostname>:<port>
-tls1 -servername <hostname> | openssl x509 -text -noout`

Jeff
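
Added example, not part of the original message: a decoder for the two error-queue lines quoted above, showing that reason code 0x413 (1043) is 1000 plus the alert number, i.e. an alert received from the peer, while the second entry was raised locally. It assumes the packed error-code layout of OpenSSL 1.0.x (8 bits library, 12 bits function, 12 bits reason); the function names and the `SAMPLE` text are constructed for illustration.

```python
import re

# Constructed sample: the two error lines from the post, with mail wrapping undone.
SAMPLE = (
    "139790582232992:error:14094413:SSL routines:SSL3_READ_BYTES:"
    "sslv3 alert unsupported certificate:s3_pkt.c:1259:SSL alert number 43\n"
    "139790582232992:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:"
    "ssl handshake failure:s3_pkt.c:598:\n"
)

ERR_LIB_SSL = 20             # library number behind "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for alerts read from the peer

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca",
}

LINE_RE = re.compile(
    r"^\d+:error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)$"
)

def decode_line(line):
    """Split one error-queue line into its packed fields (1.0.x layout assumed)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    code = int(m["code"], 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    # Only SSL-library reasons in 1000..1255 encode a received alert number.
    if lib == ERR_LIB_SSL and 0 <= reason - SSL_AD_REASON_OFFSET <= 255:
        alert = reason - SSL_AD_REASON_OFFSET
    return {
        "lib": lib, "func": func, "reason": reason, "alert": alert,
        "alert_name": ALERTS.get(alert),
        "origin": "peer" if alert is not None else "local",
        "where": f"{m['file']}:{m['line']}",
    }

def decode_all(text):
    """Decode every line that looks like an OpenSSL error-queue entry."""
    return [d for d in map(decode_line, text.splitlines()) if d is not None]

if __name__ == "__main__":
    for entry in decode_all(SAMPLE):
        print(entry)
```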

