On 2019-08-12 23:59:10 [+0200], Kurt Roeckx wrote: > > Kurt, could we get something into OpenSSL (aka openssl s_client > > -connect) which describes the error more accurate / verbose? > > I will try to collect some information and point the ssllabs people to > > it hoping that it will pop up in the server rating… > > The error is very clear to me. The server picked a signature > algorithm that the client didn't offer.
signature algorithm used for the key-exchange (forward-security) if I'm not mistaken. My point is that with more information here, we maybe could avoid being involved :) I don't know if the problem is a bug in an older openssl version or a bad configarion used on the server side. > Should I try to contact > level 3? Yes, please. As an openssl dev you might have more luck. With a template I would ping the ssllabs folks :) > > Kurt > Sebastian