On Mon, Aug 12, 2019 at 10:04:11PM +0200, Sebastian Andrzej Siewior wrote: > On 2019-08-12 18:22:38 [+0200], Kurt Roeckx wrote: > > On Mon, Aug 12, 2019 at 10:42:06AM +0200, Johannes Schauer wrote: > > > > > curl: (35) error:1414D172:SSL > > > > > routines:tls12_check_peer_sigalg:wrong signature type > > > > > > thanks to juliank on #debian-devel I found out that this issue seems to > > > be a > > > duplicate of #912759? > > > > > > If so, what should I write to the server admins of daserste.de? I'm not > > > quite > > > knowledgable about the topic and with the Qualys SSL Labs Server test > > > reporting > > > an A+ for the server, I don't know what argument to make that they are > > > wrong. > > > > Yes, this is a duplicate of #912759. Their software is buggy, most > > likely not supported. They should probably talk to their vendor to > > get an update. > > | $ host www.daserste.de > | www.daserste.de is an alias for sni.daserste.c.footprint.net. > | sni.daserste.c.footprint.net has address 8.248.125.252 > | sni.daserste.c.footprint.net has address 67.26.137.252 > | sni.daserste.c.footprint.net has address 8.248.129.252 > > ach level3 CDN, lovely. So the problem is to find someone who > understands the problem. This goes for the people behind daserste.de > and those behind the CDN. > > Kurt, could we get something into OpenSSL (aka openssl s_client > -connect) which describes the error more accurate / verbose? > I will try to collect some information and point the ssllabs people to > it hoping that it will pop up in the server rating…
The error is very clear to me. The server picked a signature algorithm that the client didn't offer. Should I try to contact level 3? Kurt