The cipher is using SHA256; there is also a signature using SHA512
for the verification of the client certificate.  I think we've
already pointed out how to disable that.


Kurt

On Mon, Feb 29, 2016 at 08:55:34PM +0000, Nounou Dadoun wrote:
> And I should add a reminder that the negotiated cipher that's failing is 
> actually TLS_RSA_WITH_AES_256_CBC_SHA256
> 
> Which does seem a little odd with sha256t passing and sha512t failing ... N
> 
> 
> Nou Dadoun
> Senior Firmware Developer, Security Specialist
> 
> Office: 604.629.5182 ext 2632 
> 
> -----Original Message-----
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
> Nounou Dadoun
> Sent: Monday, February 29, 2016 12:41 PM
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with 
> error 67702888--bad signature
> 
> Sorry, that may be the name of one of the associated libraries, in any event 
> it's a Linaro arm toolchain version 4.9.1 running on a linux x-64 vm ... N
> 
> 
> -----Original Message-----
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
> Nounou Dadoun
> Sent: Monday, February 29, 2016 12:31 PM
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with 
> error 67702888--bad signature
> 
> It's arm-linux-gnueabihf-4.9.1
> 
> ... N
> 
> Nou Dadoun
> Senior Firmware Developer, Security Specialist
> 
> 
> Office: 604.629.5182 ext 2632 
> 
> -----Original Message-----
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
> Kurt Roeckx
> Sent: Monday, February 29, 2016 12:23 PM
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with 
> error 67702888--bad signature
> 
> Which compiler and version are you using?
> 
> Kurt
> 
> On Mon, Feb 29, 2016 at 08:12:10PM +0000, Nounou Dadoun wrote:
> > For the record, I added no-asm to the config options and got exactly 
> > the same result on the sha512t test.  Open to other suggestions ... N
> > 
> > 
> > Nou Dadoun
> > Senior Firmware Developer, Security Specialist
> > 
> > 
> > Office: 604.629.5182 ext 2632
> > 
> > -----Original Message-----
> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On 
> > Behalf Of Nounou Dadoun
> > Sent: Monday, February 29, 2016 11:39 AM
> > To: openssl-users@openssl.org
> > Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake 
> > with error 67702888--bad signature
> > 
> > Back in the office today - the sha1 and sha256 tests passed but the sha512 
> > failed immediately as below.
> > 
> > # ./sha1test
> > test 1 ok
> > test 2 ok
> > test 3 ok
> > # ./sha256t
> > Testing SHA-256 ... passed.
> > Testing SHA-224 ... passed.
> > # ./sha512t
> > Testing SHA-512
> > TEST 1 of 3 failed.
> > #
> > 
> > Took a quick look at the code and it looks pretty straightforward, do you 
> > have a version you'd like me to run that dumps the result over and above 
> > doing a straight memcmp (funny that it doesn't do that anyway on failure) 
> > or just let me know what you'd like dumped and what format you'd like it 
> > in.  And maybe remove the returns so it goes through all the tests?  
> > 
> > Happy to help root cause this issue if I can.
> > 
> > Haven't tried the no-asm option yet, I might try that next.
> > 
> > Nou Dadoun
> > Senior Firmware Developer, Security Specialist
> > 
> > Office: 604.629.5182 ext 2632
> > 
> > -----Original Message-----
> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On 
> > Behalf Of Dr. Stephen Henson
> > Sent: Sunday, February 28, 2016 4:58 AM
> > To: openssl-users@openssl.org
> > Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake 
> > with error 67702888--bad signature
> > 
> > On Sun, Feb 28, 2016, Nounou Dadoun wrote:
> > 
> > > 
> > > We're cross-compiling on a linux x86 vm, does "make test" produce 
> > > something that I can run on the target?
> > 
> > "make test" won't be very useful then. The binary test/sha512t you can copy 
> > to the target and run it. I'd be interested in the output.
> > 
> > Steve.
> > --
> > Dr Stephen N. Henson. OpenSSL project core developer.
> > Commercial tech support now available see: http://www.openssl.org
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> 
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
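
The dump requested in the quoted 11:39 AM message (expected and computed digest printed on failure instead of a bare memcmp result), as an added example that is not code from this thread or from OpenSSL's test/sha512t. The names `first_diff`, `check_vector`, `fake_good`, `fake_bad` and `under_test` are hypothetical; the `fake_*` functions are constructed stand-ins so the file runs without OpenSSL, and building with `-DUSE_OPENSSL -lcrypto` checks the library's `SHA512()` instead.

```c
#include <stdio.h>
#include <string.h>

#define DLEN 64   /* SHA-512 digest size in bytes */
typedef void (*digest_fn)(const unsigned char *msg, size_t len, unsigned char *out);

/* Published one-block test vector: SHA-512("abc") */
static const unsigned char ABC_EXPECT[DLEN] = {
    0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
    0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
    0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
    0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f };

/* Index of the first differing byte, or -1 when the buffers match. */
int first_diff(const unsigned char *a, const unsigned char *b, size_t n) {
    for (size_t i = 0; i < n; i++) if (a[i] != b[i]) return (int)i;
    return -1;
}

/* Print one digest, grouped by the eight 64-bit words SHA-512 outputs. */
static void hexline(const char *label, const unsigned char *p) {
    printf("  %-9s", label);
    for (int i = 0; i < DLEN; i++) printf("%02x%s", p[i], (i % 8 == 7) ? " " : "");
    printf("\n");
}

/* Hash msg with fn; on mismatch print both digests. Returns first bad byte or -1. */
int check_vector(digest_fn fn, const char *msg, const unsigned char *expect) {
    unsigned char got[DLEN] = {0};
    fn((const unsigned char *)msg, strlen(msg), got);
    int at = first_diff(expect, got, DLEN);
    if (at >= 0) {
        printf("MISMATCH at byte %d (64-bit word %d)\n", at, at / 8);
        hexline("expected", expect);
        hexline("got", got);
    }
    return at;
}

/* Constructed stand-ins (not hash functions): one correct, one with a fault in word 5. */
void fake_good(const unsigned char *m, size_t n, unsigned char *out) { (void)m; (void)n; memcpy(out, ABC_EXPECT, DLEN); }
void fake_bad(const unsigned char *m, size_t n, unsigned char *out) { fake_good(m, n, out); out[43] ^= 0x01; }

#ifdef USE_OPENSSL   /* on the target: build with -DUSE_OPENSSL and link -lcrypto */
#include <openssl/sha.h>
static void under_test(const unsigned char *m, size_t n, unsigned char *out) { SHA512(m, n, out); }
#else
#define under_test fake_bad   /* without OpenSSL, demonstrate the mismatch dump */
#endif
int main(void) { return check_vector(under_test, "abc", ABC_EXPECT) >= 0; }
```

The exit status is 0 only when the digest matches, so the binary can be copied to the target and run the same way as test/sha512t.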
