Hi Tomáš and openssl users,
finally the server at gibs.earthdata.nasa.gov was upgraded in order to
support SHA256 (instead of SHA1) as peer signing digest algorithm.
So, it is now possible to properly connect to it on Ubuntu 20.04 without
the need of lower the default SECURITY LEVEL from 2 to 1.
Regards.
Andrea Giudiceandrea
Il 14/08/2020 08:41, Tomas Mraz ha scritto:
It is not a bug in OpenSSL and it is not a misconfiguration or non-compliance
on the server side either. Basically to enhance security the default seclevel
on Debian and Ubuntu was raised to 2 which doesn't allow SHA1 signatures which
are weak. The server apparently doesn't support them which indicates that it is
some older implementation but that doesn't necessarily mean it is
non-compliant. It is just less capable.
However the SHA1 signatures are regarded as seriously weakened currently, so it
would be certainly a very good idea to upgrade/fix the server to support SHA2
based signatures.
Tomáš Mráz