Question about handshake error

Matt Caswell matt at
Wed Mar 11 15:12:26 UTC 2020

On 11/03/2020 15:08, Viktor Dukhovni wrote:
> On Wed, Mar 11, 2020 at 12:15:32PM +0000, Matt Caswell wrote:
>> I would recommend that the server operator removes both copies of the
>> root cert from its cert chain. Hopefully this should then mean that it
>> does not see the SHA1 root and will therefore continue the handshake. If
>> you can't get the server operator to make this change then, as a
>> workaround, you'd have to change your application configuration to add
>> back in the missing sigalgs and switch the security level to 0.
> The signature algorithm security level is not expected to be enforced
> on self-signed certificates (root CAs).  How is it happening here?

It isn't. In this case the client is openssl but the server is unknown.
The problem is on the server side. The server is refusing to continue a
handshake where the sigalgs do not include sha1 because the server is
misconfigured to include a root in the cert chain which has a SHA1
signature. The server is obviously inspecting the mis-configured chain,
seeing the SHA1 signature, and giving up. This is not an OpenSSL problem.


More information about the openssl-users mailing list
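
An added example, not part of the original message and not OpenSSL code: a standard-library Python check that a server operator could run over the PEM chain file the server sends, flagging the two conditions described above (a root certificate included in the chain, and a SHA1 signature on a certificate). It assumes well-formed DER and treats issuer == subject as "root" without verifying the signature.

```python
import base64, re

# Signature-algorithm OIDs that hash with SHA-1.
SHA1_SIG_OIDS = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
                 "1.2.840.10045.4.1": "ecdsa-with-SHA1"}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def elements(buf):
    """Yield (tag, value) for each DER element found back to back in buf."""
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                   # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        yield tag, buf[pos:pos + length]
        pos += length

def oid_to_str(raw):
    """Dotted form of a DER OID (first arc 0 or 1, true for the OIDs above)."""
    arcs, n = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        n = (n << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def inspect_cert(der):
    """Return (self_issued, signature_oid) for one DER certificate."""
    tbs, sig_alg = list(elements(next(elements(der))[1]))[:2]
    fields = list(elements(tbs[1]))
    if fields[0][0] == 0xA0:                # optional explicit [0] version
        fields = fields[1:]
    issuer, subject = fields[2][1], fields[4][1]  # serial, sigalg, issuer, validity, subject
    return issuer == subject, oid_to_str(next(elements(sig_alg[1]))[1])

def audit_chain(pem_text):
    """List (index, finding) for roots and SHA-1 signatures in a chain file."""
    findings = []
    for idx, body in enumerate(PEM_RE.findall(pem_text)):
        self_issued, oid = inspect_cert(base64.b64decode(body))
        if self_issued:  # heuristic: issuer == subject, signature not verified
            findings.append((idx, "self-issued root in chain"))
        if oid in SHA1_SIG_OIDS:
            findings.append((idx, "signed with " + SHA1_SIG_OIDS[oid]))
    return findings
```

Call `audit_chain()` with the text of the chain file; an empty list means no root and no SHA1-signed certificate was found in it.
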