Hi Jeff, I am not sure I can post the entire cert here. Is there any part in particular that would be useful to debug the Alert Number 43 problem? David On Tue, Nov 1, 2016 at 8:07 PM, Jeffrey Walton <noloader@xxxxxxxxx> wrote: >> When I tested a remote server using s_client, it responded with: >> >> verify return:1 >> >> 139790582232992:error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 >> alert unsupported certificate:s3_pkt.c:1259:SSL alert number 43 >> >> 139790582232992:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl >> handshake failure:s3_pkt.c:598: >> >> >> I found the the following URL about this: >> >> http://stackoverflow.com/questions/14435839/ssl-alert-43-when-doing-client-authentication-in-ssl?answertab=oldest#tab-top >> >> My question: Does this indicate something wrong with server side >> certificate like the URL said? > > Netscape Cert Type was recently removed, IIRC. > > OpenSSL servers [used to?] have a bug where they can't use the EC key > pair they generated for use with an EC-based certificate. Also see > http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography#Named_Curves. > > Post the certificate. Use `openssl s_client -connect <hostname>:<port> > -tls1 -servername <hostname> | openssl x509 -text -noout` > > Jeff > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
