That worked! The addition of (boost-speak)
SSL_CTX_set1_client_sigalgs_list(
GetNativeRef().impl(),
"RSA+SHA256");
completed the handshake and got everything going again. Thanks for all your
assistance.
But this demonstrates that my headaches have been coming from the fact that
sha384 and sha512 are broken in our build somehow. The no-asm configure
directive didn't make a difference so maybe a compiler bug or something?
Still happy to provide traces or diagnostics if anyone there wants to try to
track down the issue, just let me know, thanks again ... N
Nou Dadoun
Senior Firmware Developer, Security Specialist
Office: 604.629.5182 ext 2632
-----Original Message-----
From: openssl-users [mailto:[email protected]] On Behalf Of
Nounou Dadoun
Sent: Monday, February 29, 2016 1:41 PM
To: [email protected]
Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error
67702888--bad signature
Ah, thanks Viktor and Kurt for the clarification, I didn't get that
distinction/connection - I'll try that next ... N
Nou Dadoun
Senior Firmware Developer, Security Specialist
Office: 604.629.5182 ext 2632
-----Original Message-----
From: openssl-users [mailto:[email protected]] On Behalf Of
Kurt Roeckx
Sent: Monday, February 29, 2016 1:35 PM
To: [email protected]
Subject: Re: [openssl-users] [openssl-dev] Failed TLSv1.2 handshake with error
67702888--bad signature
The cipher is using SHA256, there is also a signature using SHA512 for the
verification of the client certificate. I think we've already pointed out how
to disable that.
Kurt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
