Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-26 Thread Nounou Dadoun
I've extracted the certificates from the exchange to verify that the (tlsv1) successful handshake and the (tlsv1.2) failed handshake certificates are identical (they are) and I've also checked to make sure that the CA certificate that the server has for signature verification is the same as the

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-26 Thread Dr. Stephen Henson
On Fri, Feb 26, 2016, Nounou Dadoun wrote: > I've extracted the certificates from the exchange to verify that the (tlsv1) > successful handshake and the (tlsv1.2) failed handshake certificates are > identical (they are) and I've also checked to make sure that the CA > certificate that the serve

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-26 Thread Nounou Dadoun
ignature is failing. N. From: openssl-users [openssl-users-boun...@openssl.org] on behalf of Dr. Stephen Henson [st...@openssl.org] Sent: February 26, 2016 3:06 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handsha

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-27 Thread Dr. Stephen Henson
On Sat, Feb 27, 2016, Nounou Dadoun wrote: > Thanks for the response, > > I'm not sure what you're saying here other than TLS 1.2 client cert auth > processing is different from TLS x (where x<1.2); I would assume that the > range of mechanisms would expand to include more robust algorithms as ti

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-27 Thread Kurt Roeckx
On Sat, Feb 27, 2016 at 06:23:43PM +, Dr. Stephen Henson wrote: > On Sat, Feb 27, 2016, Nounou Dadoun wrote: > > > Thanks for the response, > > > > I'm not sure what you're saying here other than TLS 1.2 client cert auth > > processing is different from TLS x (where x<1.2); I would assume tha

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-27 Thread Nounou Dadoun
ehalf of Dr. Stephen Henson [st...@openssl.org] Sent: February 27, 2016 10:23 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature On Sat, Feb 27, 2016, Nounou Dadoun wrote: > Thanks for the response, > > I

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-27 Thread Kurt Roeckx
On Sat, Feb 27, 2016 at 07:45:18PM +, Nounou Dadoun wrote: > PLATFORM=VC-WIN64A Can you try a build with no-asm? Kurt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-27 Thread Nounou Dadoun
49 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature On Sat, Feb 27, 2016 at 07:45:18PM +, Nounou Dadoun wrote: > PLATFORM=VC-WIN64A Can you try a build with no-asm? Kurt -- openssl-users mailing

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-27 Thread Viktor Dukhovni
> On Feb 27, 2016, at 3:49 PM, Kurt Roeckx wrote: > > On Sat, Feb 27, 2016 at 07:45:18PM +, Nounou Dadoun wrote: >> PLATFORM=VC-WIN64A > > Can you try a build with no-asm? Or perhaps with 1.0.1r, why stick with 1.0.1h??? -- Viktor. -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-27 Thread Nounou Dadoun
d problem ... N From: openssl-users [openssl-users-boun...@openssl.org] on behalf of Viktor Dukhovni [openssl-us...@dukhovni.org] Sent: February 27, 2016 1:14 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-27 Thread Viktor Dukhovni
> On Feb 27, 2016, at 4:25 PM, Nounou Dadoun wrote: > > I agree but that's not the side I'm working on; the client is already widely > distributed and if we can identify that as the interop problem then I can > make an argument to the client team to upgrade but that doesn't solve the > curren

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-27 Thread Nounou Dadoun
nssl-users-boun...@openssl.org] on behalf of Viktor Dukhovni [openssl-us...@dukhovni.org] Sent: February 27, 2016 1:28 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature > On Feb 27, 2016, at 4:25 PM,

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-27 Thread Dr. Stephen Henson
On Sat, Feb 27, 2016, Nounou Dadoun wrote: > That gives me something to work with, the server is using openssl 1.0.2d, the > client openssl 1.0.1h > > I'd actually had an earlier interop problem between them (which I had a > mailing list discussion about here: > http://openssl.6102.n7.nabble.c

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-27 Thread Dr. Stephen Henson
On Sat, Feb 27, 2016, Nounou Dadoun wrote: > That gives me something to work with, the server is using openssl 1.0.2d, the > client openssl 1.0.1h > Also does the server side pass "make test"? Especially test/sha512t Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial te

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-28 Thread Nounou Dadoun
From: openssl-users [openssl-users-boun...@openssl.org] on behalf of Dr. Stephen Henson [st...@openssl.org] Sent: February 27, 2016 5:24 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-28 Thread Dr. Stephen Henson
On Sun, Feb 28, 2016, Nounou Dadoun wrote: > > We're cross-compiling on a linux x86 vm, does "make test" produce something > that I can run on the target? "make test" wont be very useful then. The binary test/sha512t you can copy to the target and run it. I'd be interested in the output. Steve

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-29 Thread Nounou Dadoun
ssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Sunday, February 28, 2016 4:58 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature On Sun, Feb 28, 2016, Nounou Dadoun

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-29 Thread Nounou Dadoun
worldwide. -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Nounou Dadoun Sent: Monday, February 29, 2016 11:39 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signa

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-29 Thread Kurt Roeckx
[mailto:openssl-users-boun...@openssl.org] On Behalf Of > Nounou Dadoun > Sent: Monday, February 29, 2016 11:39 AM > To: openssl-users@openssl.org > Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with > error 67702888--bad signature > > Back in the off

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-29 Thread Nounou Dadoun
PM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature Which compiler and version are you using? Kurt On Mon, Feb 29, 2016 at 08:12:10PM +, Nounou Dadoun wrote: > For the record, I added no-asm to the config options

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-29 Thread Nounou Dadoun
ry 29, 2016 12:31 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature It's arm-linux-gnueabihf-4.9.1 ... N Nou Dadoun Senior Firmware Developer, Security Specialist Office: 604.629.5182 ext 2632 ---

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-29 Thread Nounou Dadoun
ginal Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Nounou Dadoun Sent: Monday, February 29, 2016 12:41 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature Sorry, that m

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-29 Thread Viktor Dukhovni
> On Feb 29, 2016, at 3:55 PM, Nounou Dadoun wrote: > > And I should add a reminder that the negotiated cipher that's failing is > actually TLS_RSA_WITH_AES_256_CBC_SHA256 > > Which does seem a little odd with sha256t passing and sha512t failing ... N There are no SHA512 TLS ciphersuites, and

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-29 Thread Kurt Roeckx
gt; -Original Message- > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Nounou Dadoun > Sent: Monday, February 29, 2016 12:41 PM > To: openssl-users@openssl.org > Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with > error 67

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-29 Thread Nounou Dadoun
users-boun...@openssl.org] On Behalf Of Kurt Roeckx Sent: Monday, February 29, 2016 1:35 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature The cipher is using SHA256, there is also a signature using SHA512 for the verificat

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-29 Thread Nounou Dadoun
PM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature Ah, thanks Viktor and Kurt for the clarification, I didn't get that distinction/connection - I'll try that next ... N Nou Dadoun Senior Firmware Devel

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-29 Thread Kurt Roeckx
On Mon, Feb 29, 2016 at 10:48:22PM +, Nounou Dadoun wrote: > But this demonstrates that my headaches have been coming from the fact that > sha384 and sha512 are broken in our build somehow. The no-asm configure > directive didn't make a difference so maybe a compiler bug or something? I'm a

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-02-29 Thread Nounou Dadoun
] On Behalf Of Kurt Roeckx Sent: Monday, February 29, 2016 3:47 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature On Mon, Feb 29, 2016 at 10:48:22PM +, Nounou Dadoun wrote: > But this demonstrates that

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-03-01 Thread Kurt Roeckx
On Tue, Mar 01, 2016 at 12:38:20AM +, Nounou Dadoun wrote: > Is it sufficient to change -O3 to -O2 it in the Configure file or is there > somewhere else it needs to be changed? Yes, in Configure should be enough. Kurt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/m

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-03-01 Thread Nounou Dadoun
] On Behalf Of Kurt Roeckx Sent: Tuesday, March 01, 2016 12:16 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature On Tue, Mar 01, 2016 at 12:38:20AM +, Nounou Dadoun wrote: > Is it sufficient to change -O3

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-03-01 Thread Kurt Roeckx
Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with > error 67702888--bad signature > > On Tue, Mar 01, 2016 at 12:38:20AM +, Nounou Dadoun wrote: > > Is it sufficient to change -O3 to -O2 it in the Configure file or is there > > somewhere else it needs to

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-03-01 Thread Viktor Dukhovni
On Tue, Mar 01, 2016 at 07:57:41PM +0100, Kurt Roeckx wrote: > And using -O0? > > Which version of openssl are you using? IIRC the upthread posts said 1.0.2d on the server. Check the list archive. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailma

Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature

2016-03-01 Thread Nounou Dadoun
...@openssl.org] On Behalf Of Viktor Dukhovni Sent: Tuesday, March 01, 2016 11:45 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error 67702888--bad signature On Tue, Mar 01, 2016 at 07:57:41PM +0100, Kurt Roeckx wrote: > And using