That worked! The addition of (boost-speak) SSL_CTX_set1_client_sigalgs_list( GetNativeRef().impl(), "RSA+SHA256"); completed the handshake and got everything going again. Thanks for all your assistance. But this demonstrates that my headaches have been coming from the fact that sha384 and sha512 are broken in our build somehow. The no-asm configure directive didn't make a difference so maybe a compiler bug or something? Still happy to provide traces or diagnostics if anyone there wants to try to track down the issue, just let me know, thanks again ... N Nou Dadoun Senior Firmware Developer, Security Specialist Office: 604.629.5182 ext 2632 -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Nounou Dadoun Sent: Monday, February 29, 2016 1:41 PM To: openssl-users at openssl.org Subject: Re: [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature Ah, thanks Viktor and Kurt for the clarification, I didn't get that distinction/connection - I'll try that next ... N Nou Dadoun Senior Firmware Developer, Security Specialist Office: 604.629.5182 ext 2632 -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Kurt Roeckx Sent: Monday, February 29, 2016 1:35 PM To: openssl-users at openssl.org Subject: Re: [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature The cipher is using SHA256, there is also a signature using SHA512 for the verification of the client certificate. I think we've already pointed out how to disable that. Kurt