Wrong signature type error trying to connect to gibs.earthdata.nasa.gov on Ubuntu 20.04

Andrea Giudiceandrea andreaerdna at libero.it
Wed Jul 28 09:22:44 UTC 2021


Hi ⁣Tomáš​ and openssl users,
finally the server at gibs.earthdata.nasa.gov was upgraded in order to 
support SHA256 (instead of SHA1) as peer signing digest algorithm.

So, it is now possible to properly connect to it on Ubuntu 20.04 without 
the need of lower the default SECURITY LEVEL from 2 to 1.

Regards.

Andrea Giudiceandrea

Il 14/08/2020 08:41, Tomas Mraz ha scritto:
> It is not a bug in OpenSSL and it is not a misconfiguration or non-compliance on the server side either. Basically to enhance security the default seclevel on Debian and Ubuntu was raised to 2 which doesn't allow SHA1 signatures which are weak. The server apparently doesn't support them which indicates that it is some older implementation but that doesn't necessarily mean it is non-compliant. It is just less capable.
> 
> However the SHA1 signatures are regarded as seriously weakened currently, so it would be certainly a very good idea to upgrade/fix the server to support SHA2 based signatures.
> 
> ⁣Tomáš​ Mráz


More information about the openssl-users mailing list