Thanks for the response, I'm not sure what you're saying here other than TLS 1.2 client cert auth processing is different from TLS x (where x<1.2); I would assume that the range of mechanisms would expand to include more robust algorithms as time goes on. However, here something is breaking backward compatibility with a client certificate that is still valid and otherwise correct as far as I can tell. Our (many) deployed clients support TLSv1.2 and this certificate is widely distributed - we are trying to upgrade the server side from TLSv1 to TLSv1.2 and this appears to be a blocker.
Any recommendations? I'm still not clear what it is about this certificate that fails in TLSv1.2; I would define a server callback for the certificate verification (I might experiment with that anyway) but it's not clear to me that it would call the callback if the signature is failing. N. ________________________________________ From: openssl-users [openssl-users-boun...@openssl.org] on behalf of Dr. Stephen Henson [st...@openssl.org] Sent: February 26, 2016 3:06 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature On Fri, Feb 26, 2016, Nounou Dadoun wrote: > I've extracted the certificates from the exchange to verify that the (tlsv1) > successful handshake and the (tlsv1.2) failed handshake certificates are > identical (they are) and I've also checked to make sure that the CA > certificate that the server has for signature verification is the same as the > CA certificate handed over by the client in the exchange (it is). > > I've also used the command line openssl verify to verify the certificate > against the CA: > "client_cert_success.pem: OK" > > However it succeeds in TLSv1 and fails in TLSv1.2 (the one line change noted > below). > > I've now attached the certificates for quick reference - can anyone see what > might be causing the different behavior between TLSv1 and TLSv1.2? > The signature TLS uses for Client auth is different in TLS 1.2. For TLS < 1.2 the TLS signature is a combined MD5+SHA1 form for RSA. For TLS 1.2 it is the more standard DigestInfo signature which can use other algorithms such as SHA512 or SHA256. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users