[openssl-users] Alert number 43
Jeffrey Walton
noloader at gmail.com
Wed Nov 2 03:07:13 UTC 2016
> When I tested a remote server using s_client, it responded with:
>
> verify return:1
>
> 139790582232992:error:14094413:SSL routines:SSL3_READ_BYTES:sslv3
> alert unsupported certificate:s3_pkt.c:1259:SSL alert number 43
>
> 139790582232992:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl
> handshake failure:s3_pkt.c:598:
>
>
> I found the the following URL about this:
>
> http://stackoverflow.com/questions/14435839/ssl-alert-43-when-doing-client-authentication-in-ssl?answertab=oldest#tab-top
>
> My question: Does this indicate something wrong with server side
> certificate like the URL said?
Netscape Cert Type was recently removed, IIRC.
OpenSSL servers [used to?] have a bug where they can't use the EC key
pair they generated for use with an EC-based certificate. Also see
http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography#Named_Curves.
Post the certificate. Use `openssl s_client -connect <hostname>:<port>
-tls1 -servername <hostname> | openssl x509 -text -noout`
Jeff
More information about the openssl-users
mailing list