Wrong signature type error trying to connect to gibs.earthdata.nasa.gov on Ubuntu 20.04

Tomas Mraz tm at t8m.info
Fri Aug 14 06:41:59 UTC 2020


It is not a bug in OpenSSL and it is not a misconfiguration or non-compliance on the server side either. Basically, to enhance security, the default seclevel on Debian and Ubuntu was raised to 2, which doesn't allow SHA1 signatures, which are weak. The server apparently doesn't support them, which indicates that it is some older implementation, but that doesn't necessarily mean it is non-compliant. It is just less capable.

However, SHA1 signatures are currently regarded as seriously weakened, so it would certainly be a very good idea to upgrade/fix the server to support SHA2 based signatures.

Tomáš Mráz

On 14. 8. 2020 8:00, Andrea Giudiceandrea via openssl-users <openssl-users at openssl.org> wrote:
>Hi all,
>on Ubuntu 20.04 LTS 64 bit, with OpenSSL version 1.1.1f, it is not
>possible to connect to a popular GIS OGC server at
>gibs.earthdata.nasa.gov:443 using OpenSSL or cUrl or Wget default
>parameters. The OpenSSL 1.1.1f package available for Ubuntu 20.04 is
>built with the "-DOPENSSL_TLS_SECURITY_LEVEL=2" option.
>
>The relevant errors are: "SSL routines:tls12_check_peer_sigalg:wrong
>signature type:../ssl/t1_lib.c:1145" and "SSL3 alert
>write:fatal:handshake failure".
>
>On the same machine it is possible to connect to that server using
>Firefox version 79.0 (the reported connection security properties are
>"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2") or
>gnutls-cli version 3.6.13 (the reported connection security properties
>are "(TLS1.2-X.509)-(ECDHE-SECP384R1)-(RSA-SHA1)-(AES-256-GCM)").
>The connection is also possible on Ubuntu 18.04 (OpenSSL 1.1.1 without
>the "-DOPENSSL_TLS_SECURITY_LEVEL=2" build option).
>
>I already know the source of the issue (the server uses SHA1 as peer
>signing digest which is not allowed at SECURITY LEVEL = 2) and how to
>work around it (setting SECLEVEL=1 as a cli option or in openssl.cnf),
>but I'd like to know if it is due to a misconfigured / non compliant
>server or to a bug in OpenSSL.
>
>In the former case, I'd like to know some technical specifications to
>refer to in order to submit the issue to the gibs.earthdata.nasa.gov
>system administrators so that they can understand the problem and
>configure the server correctly.
>
>Best regards.
>
>Andrea Giudiceandrea
>
>Note:
>
>see the following excerpts from the connection logs:
>
>**************
>$ openssl s_client -state -connect gibs.earthdata.nasa.gov:443
>CONNECTED(00000003)
>SSL_connect:before SSL initialization
>SSL_connect:SSLv3/TLS write client hello
>SSL_connect:SSLv3/TLS write client hello
>SSL_connect:SSLv3/TLS read server hello
>depth=2 C = US, O = "Entrust, Inc.", OU = See
>www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for
>authorized use only", CN = Entrust Root Certification Authority - G2
>verify return:1
>depth=1 C = US, O = "Entrust, Inc.", OU = See
>www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for
>authorized use only", CN = Entrust Certification Authority - L1K
>verify return:1
>depth=0 C = US, ST = Maryland, L = Greenbelt, O = NASA (National
>Aeronautics and Space Administration), CN = gibs.earthdata.nasa.gov
>verify return:1
>SSL_connect:SSLv3/TLS read server certificate
>SSL3 alert write:fatal:handshake failure
>SSL_connect:error in error
>139920655459648:error:1414D172:SSL
>routines:tls12_check_peer_sigalg:wrong signature
>type:../ssl/t1_lib.c:1145:
>[...]
>---
>No client certificate CA names sent
>Server Temp Key: ECDH, P-384, 384 bits
>---
>SSL handshake has read 5443 bytes and written 322 bytes
>Verification: OK
>---
>New, (NONE), Cipher is (NONE)
>Server public key is 2048 bit
>Secure Renegotiation IS supported
>Compression: NONE
>Expansion: NONE
>No ALPN negotiated
>SSL-Session:
>    Protocol  : TLSv1.2
>    Cipher    : 0000
>    Session-ID:
>12B3427E761029EDED05CB26B3DD854ADE7B0D68061C2515A60A8A297AC968DB
>    Session-ID-ctx:
>    Master-Key:
>    PSK identity: None
>    PSK identity hint: None
>    SRP username: None
>    Start Time: 1597339233
>    Timeout   : 7200 (sec)
>    Verify return code: 0 (ok)
>    Extended master secret: no
>---
>**************
>
>**************
>$ openssl s_client -connect gibs.earthdata.nasa.gov:443 -cipher
>DEFAULT@SECLEVEL=1
>CONNECTED(00000003)
>depth=2 C = US, O = "Entrust, Inc.", OU = See
>www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for
>authorized use only", CN = Entrust Root Certification Authority - G2
>verify return:1
>depth=1 C = US, O = "Entrust, Inc.", OU = See
>www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for
>authorized use only", CN = Entrust Certification Authority - L1K
>verify return:1
>depth=0 C = US, ST = Maryland, L = Greenbelt, O = NASA (National
>Aeronautics and Space Administration), CN = gibs.earthdata.nasa.gov
>verify return:1
>[...]
>---
>No client certificate CA names sent
>Peer signing digest: SHA1
>Peer signature type: RSA
>Server Temp Key: ECDH, P-384, 384 bits
>---
>SSL handshake has read 5503 bytes and written 483 bytes
>Verification: OK
>---
>New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
>Server public key is 2048 bit
>Secure Renegotiation IS supported
>Compression: NONE
>Expansion: NONE
>No ALPN negotiated
>SSL-Session:
>    Protocol  : TLSv1.2
>    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
>    Session-ID:
>A48C668A8154E1A81137873D8D7D6CCF77B4C31729074C8C37A67B4A1CE9B155
>    Session-ID-ctx:
>    Master-Key:
>D0147A71395D3336D998B1499630E4D4BA965F1BC9D8E526EF232A7D15ECC7989AE3A8844693D628C47B76A7BA8BFC4B
>    PSK identity: None
>    PSK identity hint: None
>    SRP username: None
>    Start Time: 1597384544
>    Timeout   : 7200 (sec)
>    Verify return code: 0 (ok)
>    Extended master secret: no
>---
>**************
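
Added example, not part of either message: a shell helper that classifies saved `openssl s_client` output by the two markers that distinguish the excerpts above, the `tls12_check_peer_sigalg` rejection at security level 2 and the `Peer signing digest: SHA1` line seen at SECLEVEL=1. The function names and the sample text (abridged from the quoted excerpts) are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `openssl s_client` logs for SHA1 handshake signatures.

# Reads s_client output on stdin and prints exactly one verdict:
#   rejected-sigalg  the client refused the server's signature algorithm
#   weak-sha1        handshake completed, but the peer signed with SHA1
#   ok:<digest>      handshake completed with another digest
#   unknown          neither marker present (e.g. truncated log)
classify_sclient() {
    awk '
        { sub(/^>+ ?/, "") }   # tolerate logs pasted from a quoted e-mail
        # Match only the stable part, so a mail-wrapped error line still hits.
        /tls12_check_peer_sigalg:wrong signature/ { rejected = 1 }
        /^Peer signing digest:/ { digest = $4 }
        END {
            if (rejected)               print "rejected-sigalg"
            else if (digest == "SHA1")  print "weak-sha1"
            else if (digest != "")      print "ok:" digest
            else                        print "unknown"
        }'
}

# Constructed sample: default (level 2) attempt, abridged from the thread.
sample_level2() {
    cat <<'EOF'
SSL_connect:SSLv3/TLS read server certificate
SSL3 alert write:fatal:handshake failure
139920655459648:error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type:../ssl/t1_lib.c:1145:
New, (NONE), Cipher is (NONE)
EOF
}

# Constructed sample: SECLEVEL=1 attempt, kept in its quoted form.
sample_level1() {
    cat <<'EOF'
>Peer signing digest: SHA1
>Peer signature type: RSA
>New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
EOF
}

# Live check (needs network): repeat the thread's SECLEVEL=1 command for
# host $1 and classify the result. Not invoked by this script.
probe() {
    openssl s_client -connect "$1:443" -cipher 'DEFAULT@SECLEVEL=1' \
        </dev/null 2>&1 | classify_sclient
}

sample_level2 | classify_sclient
sample_level1 | classify_sclient
```

A `weak-sha1` verdict identifies an endpoint that connects only because the client lowered its security level, which is the case to report to the server's administrators.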


