This is fixed, I had the wrong hash NID in the legacy sigalgs.
Interesting fact: when the client sends sigalgs in order of
preference, mircosoft processes all of them for every cipher type, and
therefore chooses the weakest ;)
On Tue, Nov 13, 2018 at 4:28 AM Stuart Henderson <[email protected]> wrote:
>
> On 2018/11/13 09:37, Sebastien Marie wrote:
> > Hi,
> >
> > Moving the thread to bugs@ has it seems to be an issue with libssl.
> >
> > When connecting with nc(1) to outlook.office365.com:993, on older system
> > is able to connect and verify the connection. On a recent system, the
> > handshake failed due to "invalid digest length".
>
> This is from the "Stop keeping track of sigalgs by guessing it from
> digest and pkey" commit, too many commits on top for a simple revert.
>
> ---------------------
> PatchSet 3125
> Date: 2018/11/10 01:19:09
> Author: beck
> Branch: HEAD
> Tag: (none)
> Log:
> Stop keeping track of sigalgs by guessing it from digest and pkey,
> just keep the sigalg around so we can remember what we actually
> decided to use.
> ok jsing@
>
> Members:
> ssl_cert.c:1.69->1.70
> ssl_clnt.c:1.40->1.41
> ssl_lib.c:1.191->1.192
> ssl_locl.h:1.223->1.224
> ssl_sigalgs.c:1.3->1.4
> ssl_sigalgs.h:1.4->1.5
> ssl_srvr.c:1.54->1.55
> t1_lib.c:1.149->1.150
>
> ---------------------
>
