It is not a bug in OpenSSL and it is not a misconfiguration or non-compliance on the server side either. Basically, to enhance security, the default seclevel on Debian and Ubuntu was raised to 2, which doesn't allow SHA1 signatures, which are weak. The server apparently doesn't support them, which indicates that it is some older implementation, but that doesn't necessarily mean it is non-compliant. It is just less capable.

However, the SHA1 signatures are regarded as seriously weakened currently, so it would certainly be a very good idea to upgrade/fix the server to support SHA2 based signatures.

Tomáš Mráz

14. 8. 2020 8:00, 8:00, Andrea Giudiceandrea via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
>Hi all,
>on Ubuntu 20.04 LTS 64 bit, with OpenSSL version 1.1.1f, it is not
>possible to connect to a popular GIS OGC server at
>gibs.earthdata.nasa.gov:443 using OpenSSL or cUrl or Wget default
>parameters. The OpenSSL 1.1.1f package available for Ubuntu 20.04 is
>built with the "-DOPENSSL_TLS_SECURITY_LEVEL=2" option.
>
>The relevant errors are: "SSL routines:tls12_check_peer_sigalg:wrong
>signature type:../ssl/t1_lib.c:1145" and "SSL3 alert
>write:fatal:handshake failure".
>
>On the same machine it is possible to connect to that server using
>Firefox version 79.0 (the reported connection security properties are
>"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2") or
>gnutls-cli version 3.6.13 (the reported connection security properties
>are "(TLS1.2-X.509)-(ECDHE-SECP384R1)-(RSA-SHA1)-(AES-256-GCM)").
>The connection is also possible on Ubuntu 18.04 (OpenSSL 1.1.1 without
>the "-DOPENSSL_TLS_SECURITY_LEVEL=2" build option).
>
>I already know the source of the issue (the server uses SHA1 as peer
>signing digest which is not allowed at SECURITY LEVEL = 2) and how to
>work around it (setting SECLEVEL=1 as a cli option or in openssl.cnf),
>but I'd like to know if it is due to a misconfigured / non compliant
>server or to a bug in OpenSSL.
>
>In the former case, I'd like to know some technical specifications to
>refer to in order to submit the issue to the gibs.earthdata.nasa.gov
>system administrators so that they can understand the problem and
>configure the server correctly.
>
>Best regards.
>
>Andrea Giudiceandrea
>
>Note:
>
>see the following excerpts from the connection logs:
>
>**************
>$ openssl s_client -state -connect gibs.earthdata.nasa.gov:443
>CONNECTED(00000003)
>SSL_connect:before SSL initialization
>SSL_connect:SSLv3/TLS write client hello
>SSL_connect:SSLv3/TLS write client hello
>SSL_connect:SSLv3/TLS read server hello
>depth=2 C = US, O = "Entrust, Inc.", OU = See
>www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for
>authorized use only", CN = Entrust Root Certification Authority - G2
>verify return:1
>depth=1 C = US, O = "Entrust, Inc.", OU = See
>www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for
>authorized use only", CN = Entrust Certification Authority - L1K
>verify return:1
>depth=0 C = US, ST = Maryland, L = Greenbelt, O = NASA (National
>Aeronautics and Space Administration), CN = gibs.earthdata.nasa.gov
>verify return:1
>SSL_connect:SSLv3/TLS read server certificate
>SSL3 alert write:fatal:handshake failure
>SSL_connect:error in error
>139920655459648:error:1414D172:SSL
>routines:tls12_check_peer_sigalg:wrong signature
>type:../ssl/t1_lib.c:1145:
>[...]
>---
>No client certificate CA names sent
>Server Temp Key: ECDH, P-384, 384 bits
>---
>SSL handshake has read 5443 bytes and written 322 bytes
>Verification: OK
>---
>New, (NONE), Cipher is (NONE)
>Server public key is 2048 bit
>Secure Renegotiation IS supported
>Compression: NONE
>Expansion: NONE
>No ALPN negotiated
>SSL-Session:
>    Protocol : TLSv1.2
>    Cipher : 0000
>    Session-ID:
>12B3427E761029EDED05CB26B3DD854ADE7B0D68061C2515A60A8A297AC968DB
>    Session-ID-ctx:
>    Master-Key:
>    PSK identity: None
>    PSK identity hint: None
>    SRP username: None
>    Start Time: 1597339233
>    Timeout : 7200 (sec)
>    Verify return code: 0 (ok)
>    Extended master secret: no
>---
>**************
>
>**************
>$ openssl s_client -connect gibs.earthdata.nasa.gov:443 -cipher
>DEFAULT@SECLEVEL=1
>CONNECTED(00000003)
>depth=2 C = US, O = "Entrust, Inc.", OU = See
>www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for
>authorized use only", CN = Entrust Root Certification Authority - G2
>verify return:1
>depth=1 C = US, O = "Entrust, Inc.", OU = See
>www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for
>authorized use only", CN = Entrust Certification Authority - L1K
>verify return:1
>depth=0 C = US, ST = Maryland, L = Greenbelt, O = NASA (National
>Aeronautics and Space Administration), CN = gibs.earthdata.nasa.gov
>verify return:1
>[...]
>---
>No client certificate CA names sent
>Peer signing digest: SHA1
>Peer signature type: RSA
>Server Temp Key: ECDH, P-384, 384 bits
>---
>SSL handshake has read 5503 bytes and written 483 bytes
>Verification: OK
>---
>New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
>Server public key is 2048 bit
>Secure Renegotiation IS supported
>Compression: NONE
>Expansion: NONE
>No ALPN negotiated
>SSL-Session:
>    Protocol : TLSv1.2
>    Cipher : ECDHE-RSA-AES256-GCM-SHA384
>    Session-ID:
>A48C668A8154E1A81137873D8D7D6CCF77B4C31729074C8C37A67B4A1CE9B155
>    Session-ID-ctx:
>    Master-Key:
>D0147A71395D3336D998B1499630E4D4BA965F1BC9D8E526EF232A7D15ECC7989AE3A8844693D628C47B76A7BA8BFC4B
>    PSK identity: None
>    PSK identity hint: None
>    SRP username: None
>    Start Time: 1597384544
>    Timeout : 7200 (sec)
>    Verify return code: 0 (ok)
>    Extended master secret: no
>---
>**************
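
Added example (not part of the original messages and not OpenSSL code): a Python triage of the two s_client transcripts quoted above, showing why a SHA1 peer signature is accepted at SECLEVEL=1 and refused at the level 2 default. The level thresholds are those documented for SSL_CTX_set_security_level; the digest ratings (half the output length) and all function names are assumptions of this example.

```python
import re

# Minimum security bits required at each OpenSSL security level
# (as documented for SSL_CTX_set_security_level).
LEVEL_BITS = {1: 80, 2: 112, 3: 128, 4: 192, 5: 256}
# Assumption: a signing digest is rated at half its output length in bits.
DIGEST_BITS = {"SHA1": 80, "SHA224": 112, "SHA256": 128,
               "SHA384": 192, "SHA512": 256}

# Excerpts of the two s_client runs quoted in the message (lines unwrapped).
FAILED = """SSL3 alert write:fatal:handshake failure
139920655459648:error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type:../ssl/t1_lib.c:1145:
New, (NONE), Cipher is (NONE)
"""
RELAXED = """Peer signing digest: SHA1
Peer signature type: RSA
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
"""


def max_level_for_digest(digest):
    """Highest security level that still accepts this digest (0 if none)."""
    bits = DIGEST_BITS.get(digest.upper(), 0)
    return max((lvl for lvl, need in LEVEL_BITS.items() if bits >= need),
               default=0)


def triage(transcript):
    """Summarise how the peer's signature fared in an s_client transcript."""
    # Collapse whitespace so an error message wrapped over lines still matches.
    text = " ".join(transcript.split())
    digest = re.search(r"Peer signing digest: (\S+)", text)
    cipher = re.search(r"New, (\S+), Cipher is (\S+)", text)
    result = {
        "negotiated": bool(cipher) and cipher.group(2) != "(NONE)",
        "sigalg_rejected":
            "tls12_check_peer_sigalg:wrong signature type" in text,
        "peer_digest": digest.group(1) if digest else None,
        "max_seclevel": None,  # only known once the digest is visible
    }
    if digest:
        result["max_seclevel"] = max_level_for_digest(digest.group(1))
    return result


if __name__ == "__main__":
    for name, log in (("default level", FAILED), ("SECLEVEL=1", RELAXED)):
        print(name, triage(log))
```

The failing run never prints the peer digest, so the relaxed run is the one that identifies it; a `max_seclevel` below 2 is the concrete finding to pass to the server's administrators.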