On Thu, Jan 07, 2021 at 05:10:29PM -0800, Quanah Gibson-Mount wrote:

> Using wireshark, we can see the following signature algorithms are offered
> from the client side (which uses TLSv1.2) for both the working and failing
> servers:
>
> 0x0403 ECDSA-SHA256
> 0x0503 ECDSA-SHA384
> 0x0603 ECDSA-SHA512
> 0x0401 RSA-SHA256
> 0x0501 RSA-SHA384
> 0x0601 RSA-SHA512
> 0x0402 DSA-SHA256
> 0x0203 ECDSA-SHA1
> 0x0201 RSA-SHA1
> 0x0202 DSA-SHA1

You're leaving out too much detail. Post the full client hello decoded by
"tshark":

    https://www.spinics.net/lists/openssl-users/msg05623.html

> If I test connecting on the command line to the server in question, I can
> connect using any of RSA+SHA256, RSA+SHA384, and RSA+SHA512 from the above
> signature algorithms without issue, like:

What sort of certificate does the server have? Are there any ssl module
settings in its openssl.cnf file?

--
    Viktor.
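
Added example, not part of the original message or of OpenSSL: a decoder for the TLS 1.2 signature_algorithms extension body that also lists which offered pairs match a given server key type, which is why the certificate question above matters. The function names, the key-type labels and the SAMPLE bytes (built from the ten code points quoted above) are assumptions made for this illustration.

```python
import struct

# TLS 1.2 SignatureAndHashAlgorithm registries (RFC 5246, section 7.4.1.4.1).
# Each 16-bit code point is a hash byte followed by a signature byte.
HASHES = {1: "MD5", 2: "SHA1", 3: "SHA224", 4: "SHA256", 5: "SHA384", 6: "SHA512"}
SIGS = {1: "RSA", 2: "DSA", 3: "ECDSA"}


def parse_sigalgs(ext_body: bytes):
    """Decode an extension body into (code, signature, hash) tuples."""
    if len(ext_body) < 2:
        raise ValueError("truncated: missing list length")
    (list_len,) = struct.unpack("!H", ext_body[:2])
    pairs = ext_body[2:]
    if list_len != len(pairs) or list_len % 2:
        raise ValueError("list length does not match extension body")
    offered = []
    for i in range(0, list_len, 2):
        h, s = pairs[i], pairs[i + 1]
        # Unknown bytes (for example TLS 1.3 SignatureScheme values) are kept
        # as numbered placeholders instead of being guessed at.
        offered.append(((h << 8) | s, SIGS.get(s, f"sig{s}"), HASHES.get(h, f"hash{h}")))
    return offered


def usable_for_key(offered, key_type):
    """Offered pairs a TLS 1.2 server holding this key type can sign with."""
    return [f"{sig}-{hash_}" for _, sig, hash_ in offered if sig == key_type]


# Constructed input: the ten code points from the quoted list, in order,
# prefixed with the 2-byte list length as they appear on the wire.
CODES = [0x0403, 0x0503, 0x0603, 0x0401, 0x0501,
         0x0601, 0x0402, 0x0203, 0x0201, 0x0202]
SAMPLE = struct.pack("!H", 2 * len(CODES)) + b"".join(
    struct.pack("!H", c) for c in CODES)

if __name__ == "__main__":
    offered = parse_sigalgs(SAMPLE)
    for code, sig, hash_ in offered:
        print(f"0x{code:04x} {sig}-{hash_}")
    for key in ("RSA", "ECDSA", "DSA"):
        print(f"{key} key -> {usable_for_key(offered, key)}")
```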