On Tue, Nov 13, 2018 at 08:40:58PM -0700, Bob Beck wrote:
> This is fixed, I had the wrong hash NID in the legacy sigalgs.
>
> Interesting fact: when the client sends sigalgs in order of
> preference, Microsoft processes all of them for every cipher type, and
> therefore chooses the weakest ;)

Now, I have another regression with ssl_sigalgs.c 1.10 :-)

$ nc -vvc -T ciphers=legacy -T protocols=legacy pop3.free.fr 995
Connection to pop3.free.fr 995 port [tcp/pop3s] succeeded!
nc: tls handshake failed (handshake failed: error:04FFF068:rsa routines:CRYPTO_internal:bad signature)

But if I use ssl_sigalgs.c 1.9, it is fine...

$ nc -vvc -T ciphers=legacy -T protocols=legacy pop3.free.fr 995
Connection to pop3.free.fr 995 port [tcp/pop3s] succeeded!
TLS handshake negotiated TLSv1/ECDHE-RSA-AES128-SHA with host pop3.free.fr
Peer name: pop3.free.fr
Subject: /CN=*.free.fr
Issuer: /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA
Valid From: Thu Jul 27 02:00:00 2017
Valid Until: Thu Aug 8 01:59:59 2019
Cert Hash: SHA256:9f32a1e1feee258fe14d103af98a017f208cd4795d88c681130919031e5d817d
OCSP URL: http://gp.symcd.com
+OK POP3 ready <1523817717.1542189303@popn2>

But it seems to me it is odd: if I correctly understood, the change
occurs in tls1.2 stuff, and here the connection is done using tls1.

Thanks.
--
Sebastien Marie