Question about handshake error

Matt Caswell matt at
Wed Mar 11 16:57:42 UTC 2020

On 11/03/2020 16:56, Viktor Dukhovni wrote:
> On Wed, Mar 11, 2020 at 03:12:26PM +0000, Matt Caswell wrote:
>>> The signature algorithm security level is not expected to be enforced
>>> on self-signed certificates (root CAs).  How is it happening here?
>> It isn't. In this case the client is openssl but the server is unknown.
>> The problem is on the server side. The server is refusing to continue a
>> handshake where the sigalgs do not include sha1 because the server is
>> misconfigured to include a root in the cert chain which has a SHA1
>> signature. The server is obviously inspecting the mis-configured chain,
>> seeing the SHA1 signature, and giving up. This is not an OpenSSL problem.
> Matt are you able to confirm whether the below is correct?  Perhaps
> I should file a PR to address this if it is...

I will run some tests to confirm or deny what you think might be
happening. Probably it will be tomorrow before I get to it.


> On Wed, Mar 11, 2020 at 11:32:58AM -0400, Viktor Dukhovni wrote:
>>> self-signed CA signatures are not subjected to security levels in
>>> x509_vfy.c, the same exclusion does not appear to be present in:
>>>     int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee)
>>> [...]

More information about the openssl-users mailing list