On Wed, Mar 11, 2020 at 12:15:32PM +0000, Matt Caswell wrote:
>
> I *think* what is happening is the server is checking the chain it has
> been configured with, spotting that it includes a SHA1 based signature
> and therefore refusing to respond at all because the client has not
> indicated SHA1 support. IIRC openssl is a little less strict in this
> regard and would send the certificate anyway if it doesn't have a
> better alternative.

That seems to be the same as:
https://github.com/openssl/openssl/issues/11236

Kurt