Thanks Matt, the command you listed did succeed. I was hoping to be able to change our code so that we could connect to any server we were able to connect to before, but if this is truly a server-side bug, there's only so much we can do on the client side. If our customers see this change in behaviour after we upgrade OpenSSL, my understanding is that they will simply have to fix their server. Graeme -----Original Message----- From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of Matt Caswell Sent: March 19, 2019 10:23 AM To: openssl-users@xxxxxxxxxxx Subject: Re: Differences in defaults between 1.0.2 and 1.1.1 On 19/03/2019 13:40, Perrow, Graeme wrote: > TLS: error: accept - force handshake failure: errno 11 - moznss error -12162 > > TLS: can't accept: TLS error -12162:Unsupported hash algorithm used by TLS peer.. Just to confirm - you've not configured client authentication? Assuming not, the above error message from the server suggests that it doesn't like one of the signature algorithms sent through from the client in the ClientHello. At least I'm assuming that's the point at which it fails. You omitted most of the -debug output so its a little unclear exactly how far through the handshake it got before the failure occurred. If my assumption is right then it looks like the server may be behaving incorrectly. It isn't supposed to fail if it encounters a parameter it doesn't recognise - its just supposed to ignore it. To test the theory I suggest sending through the same list of signature algorithms in the same order that 1.0.2 sends them. You can do that using the "-sigalgs" parameter to s_client: openssl s_client -showcerts -host <host>:<port> -debug -sigalgs "RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1" Matt