Package: openssl Version: 3.0.11-1~deb12u2
When I invoke `/usr/bin/openssl s_client -connect 192.168.92.95:636` root@nsd-sdproxy1:~# cat /etc/debian_version 12.5 root@nsd-sdproxy1:~# root@nsd-sdproxy1:~# uname -a Linux nsd-sdproxy1 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 GNU/Linux root@nsd-sdproxy1:~# I have the latest patches installed. Telnet works root@nsd-sdproxy1:~# telnet 192.168.92.95 636 Trying 192.168.92.95... Connected to nsd-ad. Escape character is '^]'. from latest rocky linux it is ok [bogucki@nsd-ansible ~]$ /usr/bin/openssl s_client -connect 192.168.92.95:636 CONNECTED(00000003) Can't use SSL_get_servername depth=0 CN = dc1.dev.it verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 CN = dc1.dev.it verify error:num=21:unable to verify the first certificate verify return:1 depth=0 CN = dc1.dev.it verify return:1 --- Certificate chain 0 s:CN = dc1.dev.it i:DC = it, DC = dev, CN = dev-DC1-CA --- Server certificate -----BEGIN CERTIFICATE----- MIIFtDCCBJygAwIBAgITHQAAAAIpIoHQZ/LB4AAAAAAAAjANBgkqhkiG9w0BAQUF ADA+MRIwEAYKCZImiZPyLGQBGRYCaXQxEzARBgoJkiaJk/IsZAEZFgNkZXYxEzAR BgNVBAMTCmRldi1EQzEtQ0EwHhcNMjMxMjIwMjIzNDUyWhcNMjQxMjE5MjIzNDUy WjAVMRMwEQYDVQQDEwpkYzEuZGV2Lml0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAuNy00MrsJl16YwJ7aBq3qKQkGKiWwIpJPIhnSxs+oSWHyXnPzElh 3YybHYSFmVhCioqgv9AacMEQUfgzanURMdDRetOMfnYD0TyfMM9FHcV+U3QR7XRc gd9V+7V04Pp/tJzfatOljiZ32OIf+RpuOOzaAs7K2sPu7C9asoJvT292SWl6A+D/ I6y2ugaKpLfqQaJ3DD11u+Zyfsg+ynAvWrxOhWG1+ImHQShDuhzDZFaVnypw0HvA Exm57lIsLGSYpecPCxN1x4dKQ0FgKfruH6S/IuAdY49WOjB8qDEg5dQFr85zYbZd MyKqUN5e82v2Dy9cM/WBWC+M8DVsf75dQwIDAQABo4IC0jCCAs4wLwYJKwYBBAGC NxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQByMB0GA1UdJQQW MBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAweAYJKoZIhvcN AQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAsGCWCGSAFl AwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFlAwQBBTAHBgUr DgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUfBtL8l6VeeYQ7A98ffO89tTy72Iw HwYDVR0jBBgwFoAU1YtlfOHW2JxHTtoslbmjPW0fmlUwgb8GA1UdHwSBtzCBtDCB saCBrqCBq4aBqGxkYXA6Ly8vQ049ZGV2LURDMS1DQSxDTj1kYzEsQ049Q0RQLENO PVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3Vy YXRpb24sREM9ZGV2LERDPWl0P2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFz ZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCBtwYIKwYBBQUHAQEE gaowgacwgaQGCCsGAQUFBzAChoGXbGRhcDovLy9DTj1kZXYtREMxLUNBLENOPUFJ QSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25m aWd1cmF0aW9uLERDPWRldixEQz1pdD9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0 Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTA2BgNVHREELzAtoB8GCSsGAQQB gjcZAaASBBDswipFcEo8QJ4wa+MD1ObxggpkYzEuZGV2Lml0MA0GCSqGSIb3DQEB BQUAA4IBAQAsfoVcCK8W+IF2S70g96BNolfDj2fUJXDYU+T1cDMEo0nMT/Bmczj1 zI/leMKbHwJJIgZF6XDtZadv+AJtkjA9TBlvgJsLDVoD+Zr3u9tZ2uWbkPkvBEP2 4WD6ioij6w/WJZ4/ZLk654mPN4e59cd2QdaPlFJzXMmF04qBkAio7/OV/eStJA+m NRj1c/7FvKMssMp8P++AG6bENRFEz8Syu4Bjhma69PR0c+1ElLwc/uZgaROSTvf5 6ZYoKvniP0B+r+tnHjuF1H72eDJV9TjL4/I00M+Qt1nsoms06A/GwrUfk6+gGsge WN7jgiktT3hZ/xexMOFSWaWUK5/vc6Cp -----END CERTIFICATE----- subject=CN = dc1.dev.it issuer=DC = it, DC = dev, CN = dev-DC1-CA --- No client certificate CA names sent Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1 Peer signing digest: SHA1 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 2020 bytes and written 467 bytes Verification error: unable to verify the first certificate --- New, TLSv1.2, Cipher is ECDHE-RSA-AES128-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-SHA256 Session-ID: 281C000089A8FE3766C77054BA467FB88A4AFE62F9B52D478E6840B5B29F2787 Session-ID-ctx: Master-Key: 2A4EBD468A173EA25C9217F586BE7D91206D0D367D75F44118205118DEE042B5B804292F3FEFD020A19EC6034F86B19C PSK identity: None PSK identity hint: None SRP username: None Start Time: 1709547310 Timeout : 7200 (sec) Verify return code: 21 (unable to verify the first certificate) Extended master secret: yes --- -- Pozdrawiam serdecznie Maciej Bogucki