Hi Sebastian & Kurt, Quoting Sebastian Andrzej Siewior (2019-08-13 21:09:35) > On 2019-08-12 23:59:10 [+0200], Kurt Roeckx wrote: > > > Kurt, could we get something into OpenSSL (aka openssl s_client > > > -connect) which describes the error more accurate / verbose? > > > I will try to collect some information and point the ssllabs people to > > > it hoping that it will pop up in the server rating… > > The error is very clear to me. The server picked a signature > > algorithm that the client didn't offer. > signature algorithm used for the key-exchange (forward-security) if I'm > not mistaken. My point is that with more information here, we maybe > could avoid being involved :) > I don't know if the problem is a bug in an older openssl version or a > bad configarion used on the server side. > > > Should I try to contact > > level 3? > > Yes, please. As an openssl dev you might have more luck. With a template > I would ping the ssllabs folks :)
thanks a lot for looking into this issue. I would volunteer to help somehow as well but so far I don't know enough to be of any help, I'm afraid. I wouldn't even know how to show that the server picked a signature algorithm that the client didn't offer. Thanks a lot to you both and tell me if there is anything I can do. cheers, josch
signature.asc
Description: signature