|
Hi,
On 29/06/21 18:31, david raingeard wrote: I'd say this is a local build issue; I just unpacked 1.1.1g on my CentOS 7.9 box, did a ./config no-shared make make test then ./apps/openssl s_client -CAfile /etc/pki/tls/cert.pem -connect google.com:443 and got this: ./apps/openssl s_client -CAfile /etc/pki/tls/cert.pem -connect google.com:443 CONNECTED(00000003) depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1 verify return:1 depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3 verify return:1 depth=0 CN = *.google.com verify return:1 --- Certificate chain 0 s:CN = *.google.com i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3 1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3 i:C = US, O = Google Trust Services LLC, CN = GTS Root R1 2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1 i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA --- Server certificate -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- subject=CN = *.google.com issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1C3 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 6449 bytes and written 392 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 256 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- So no errors, no warnings and it is using TLS 1.3 to connect. Check your local environment and especially check that make test does not give any errors. HTH, JJK |
