On Mon, 2022-03-21 at 00:12 +0100, Sebastian Andrzej Siewior wrote:
> The change in openssl is commit
>    cc7c6eb8135b ("Check that the default signature type is allowed")
> 
> Before the commit in question it connects as:
>   - Description: (TLS1.0)-(ECDHE-SECP384R1)-(AES-256-CBC)-(SHA1)
> 
> after that, the server throws:
>   140490373015360:error:14201044:SSL routines:tls_choose_sigalg:internal error:../ssl/t1_lib.c:2880:
> 
> and it appears that the security level in openssl forbids SHA1 here.
> The argument on the s_server side
>        -sigalgs RSA+SHA1:RSA+SHA256:DSA+SHA1:DSA+SHA256
> 
> doesn't help here but
>        -cipher "ALL:@SECLEVEL=1"
> 
> does. 
> 

If we wanted to add a note to the release announcement in case users
face a similar issue with other software, is "tls_choose:sigalg:internal
error" a reliable signal of this situation occurring? Should the
recommended solution be to lower the security level, or might
specifying -sigalgs work on its own in some scenarios?

Regards,

Adam
