TLS 1.2 handshake issue (Server Certificate request)

Bashin, Vladimir vbashin at empirix.com
Fri Feb 7 18:24:44 UTC 2020


Hello, OpenSSL experts!

We need your help in better understanding the behavior below.

We are experiencing an issue during the initial TLS handshake:
We have a customer-issued TLS certificate that we deploy on our TLS client system.
The certs have been generated with a CSR that was generated on the customer's FIPS-compliant server.
The CSR was then signed by a CA hosted on SMGR.

During the endpoint registration with the server we have an endpoint-initiated TLS handshake. During that handshake the TLS server requests the client Certificate, but our TLS client responds with Certificates Length 0, which causes the TLS server to respond with a Handshake Failure.


A Google search gives some generic ideas on why that might be happening, something along the following lines: it could be happening in case the client's certificate does not match the server certificate, for example due to a signing authority mismatch, or due to an encryption cipher type mismatch, or maybe due to some other factors.

Could you please help us in better understanding this issue: what else could be wrong or missing in the Server and Client certificates?





Thanks,
Vladimir Bashin
