Question about handshake error

Matt Caswell matt at openssl.org
Wed Mar 11 15:12:26 UTC 2020



On 11/03/2020 15:08, Viktor Dukhovni wrote:
> On Wed, Mar 11, 2020 at 12:15:32PM +0000, Matt Caswell wrote:
> 
>> I would recommend that the server operator removes both copies of the
>> root cert from its cert chain. Hopefully this should then mean that it
>> does not see the SHA1 root and will therefore continue the handshake. If
>> you can't get the server operator to make this change then, as a
>> workaround, you'd have to change your application configuration to add
>> back in the missing sigalgs and switch the security level to 0.
> 
> The signature algorithm security level is not expected to be enforced
> on self-signed certificates (root CAs).  How is it happening here?
> 

It isn't. In this case the client is openssl but the server is unknown.
The problem is on the server side. The server is refusing to continue a
handshake where the sigalgs do not include sha1 because the server is
misconfigured to include a root in the cert chain which has a SHA1
signature. The server is obviously inspecting the mis-configured chain,
seeing the SHA1 signature, and giving up. This is not an OpenSSL problem.

Matt
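
An added example, not part of the original message and not OpenSSL code: a standard-library Python check a server operator could run over the chain file to spot the condition described above, a self-issued (root) certificate left in the chain and signed with SHA-1. The function names and the sample chain are assumptions made for illustration; the sample is constructed skeletal DER, and a byte-identical issuer and subject is taken as the mark of a root.

```python
import base64, re

# DER-encoded OID bodies of signature algorithms that use SHA-1.
SHA1_SIG_OIDS = {bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
                 bytes.fromhex("2a8648ce3d0401"): "ecdsa-with-SHA1"}

def tlv(buf, pos):
    """Parse one DER TLV; return (tag, tlv_start, value_start, value_end)."""
    start, tag, length, pos = pos, buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, start, pos, pos + length

def children(buf, start, end):
    out = []
    while start < end:
        out.append(tlv(buf, start))
        start = out[-1][3]
    return out

def audit_chain(pem):
    """One finding per cert, in sending order; issuer == subject is read as 'root' (signature not verified)."""
    findings = []
    for b64 in re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S):
        der = base64.b64decode(b64)
        tbs, sig_alg, _sig = children(der, *tlv(der, 0)[2:])
        f = [c for c in children(der, tbs[2], tbs[3]) if c[0] != 0xA0]  # skip [0] version
        issuer, subject = der[f[2][1]:f[2][3]], der[f[4][1]:f[4][3]]
        oid = children(der, sig_alg[2], sig_alg[3])[0]
        findings.append({"self_issued": issuer == subject,
                         "sha1_sig": SHA1_SIG_OIDS.get(der[oid[2]:oid[3]])})
    return findings

# Constructed sample: skeletal DER (empty validity and key, dummy signature), not real certificates.
def _der(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body  # short-form length; every sample is under 128 bytes
def _cert(subject, issuer, sig_oid):
    name = lambda cn: _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03"), _der(0x0C, cn.encode()))))
    alg = _der(0x30, _der(0x06, bytes.fromhex(sig_oid)), _der(0x05))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")), _der(0x02, b"\x01"), alg,
               name(issuer), _der(0x30), name(subject), _der(0x30))
    der = _der(0x30, tbs, alg, _der(0x03, b"\x00\x00"))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"

SHA256_RSA, SHA1_RSA = "2a864886f70d01010b", "2a864886f70d010105"
SAMPLE_CHAIN = (_cert("leaf.example", "Example CA", SHA256_RSA) + _cert("Example CA", "Example Root", SHA256_RSA)
                + _cert("Example Root", "Example Root", SHA1_RSA) * 2)  # root included twice, as in the thread
```

Run against the real chain file's contents, every entry reported with `self_issued` true is a certificate the advice above says the server should stop sending.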

