Package: curl Version: 7.65.3-1 Severity: normal Hi,
steps to reproduce: $ sudo debootstrap --include=curl,ca-certificates unstable debian-unstable [...] $ sudo chroot debian-unstable curl -vvv https://www.daserste.de * Trying 8.248.97.252:443... * TCP_NODELAY set * Connected to www.daserste.de (8.248.97.252) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (OUT), TLS alert, handshake failure (552): * error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type * Closing connection 0 curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type This also happens with other domains. I hope this is actually a curl issue and not my own stupidity but this problem only occurs with curl and not wget or firefox and the domain from above has an A+ rating on ssllabs.com, so I guess it is properly configured. Thanks! cheers, josch