Re: openssl client v1.1.0 can not connect: handshake failure:ssl/record/rec_layer_s3.c:1385:SSL alert number 40

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 17/02/17 07:46, Matthias Apitz wrote:
> New, TLSv1/SSLv3, Cipher is DHE-DSS-AES128-GCM-SHA256

Your server appears to be configured with a DSA certificate.

OpenSSL 1.1.0 made changes to the default ciphersuites that get sent.
See this CHANGES entry:

  *) Changes to the DEFAULT cipherlist:
       - Prefer (EC)DHE handshakes over plain RSA.
       - Prefer AEAD ciphers over legacy ciphers.
       - Prefer ECDSA over RSA when both certificates are available.
       - Prefer TLSv1.2 ciphers/PRF.
       - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the
         default cipherlist.
     [Emilia Käsper]

So OpenSSL 1.1.0 does not offer any DSS based ciphersuites by default
any more. If your server only has a DSA certificate then this is going
to fail.

Matt
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux