[openssl-users] Alert number 43
David Li
dlipubkey at gmail.com
Wed Nov 2 16:41:02 UTC 2016
Hi Jeff,
I am not sure I can post the entire cert here. Is there any part in
particular that would be useful to debug the Alert Number 43 problem?
David
On Tue, Nov 1, 2016 at 8:07 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>> When I tested a remote server using s_client, it responded with:
>>
>> verify return:1
>>
>> 139790582232992:error:14094413:SSL routines:SSL3_READ_BYTES:sslv3
>> alert unsupported certificate:s3_pkt.c:1259:SSL alert number 43
>>
>> 139790582232992:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl
>> handshake failure:s3_pkt.c:598:
>>
>>
>> I found the the following URL about this:
>>
>> http://stackoverflow.com/questions/14435839/ssl-alert-43-when-doing-client-authentication-in-ssl?answertab=oldest#tab-top
>>
>> My question: Does this indicate something wrong with server side
>> certificate like the URL said?
>
> Netscape Cert Type was recently removed, IIRC.
>
> OpenSSL servers [used to?] have a bug where they can't use the EC key
> pair they generated for use with an EC-based certificate. Also see
> http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography#Named_Curves.
>
> Post the certificate. Use `openssl s_client -connect <hostname>:<port>
> -tls1 -servername <hostname> | openssl x509 -text -noout`
>
> Jeff
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the openssl-users
mailing list