On 11/03/2020 15:08, Viktor Dukhovni wrote: > On Wed, Mar 11, 2020 at 12:15:32PM +0000, Matt Caswell wrote: > >> I would recommend that the server operator removes both copies of the >> root cert from its cert chain. Hopefully this should then mean that it >> does not see the SHA1 root and will therefore continue the handshake. If >> you can't get the server operator to make this change then, as a >> workaround, you'd have to change your application configuration to add >> back in the missing sigalgs and switch the security level to 0. > > The signature algorithm security level is not expected to be enforced > on self-signed certificates (root CAs). How is it happening here? > It isn't. In this case the client is openssl but the server is unknown. The problem is on the server side. The server is refusing to continue a handshake where the sigalgs do not include sha1 because the server is misconfigured to include a root in the cert chain which has a SHA1 signature. The server is obviously inspecting the mis-configured chain, seeing the SHA1 signature, and giving up. This is not an OpenSSL problem. Matt
