Question about handshake error
openssl-users at dukhovni.org
Wed Mar 11 15:08:11 UTC 2020
On Wed, Mar 11, 2020 at 12:15:32PM +0000, Matt Caswell wrote:
> I would recommend that the server operator removes both copies of the
> root cert from its cert chain. Hopefully this should then mean that it
> does not see the SHA1 root and will therefore continue the handshake. If
> you can't get the server operator to make this change then, as a
> workaround, you'd have to change your application configuration to add
> back in the missing sigalgs and switch the security level to 0.
The signature algorithm security level is not expected to be enforced
on self-signed certificates (root CAs). How is it happening here?
More information about the openssl-users