So, in their chain of certs that they present there is still an RSA-SHA1
certificate. It shouldn't affect validation, as the other certs in the
chain are sufficient (for example gnutls-cli toodledo.com connects fine)
but it does trip up openssl:

- Certificate[3] info:
 - subject `OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, 
Inc.,C=US', issuer `OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy 
Group\, Inc.,C=US', serial 0x00, RSA key 2048 bits, signed using RSA-SHA1 
(broken!), activated `2004-06-29 17:06:20 UTC', expires `2034-06-29 17:06:20 
UTC', pin-sha256="VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8="

Now, they could remove that cert from the chain that their server uses.
But also they should not need to do this and openssl should just work.

https://bugs.launchpad.net/bugs/1864689

Title:
  openssl in 20.04 can't connect to site that was fine in 19.10 and is
  fine in Chrome and Firefox

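Added example, not part of the original bug comment and not code from gnutls or openssl: a small parser for gnutls-cli chain output like the Certificate[3] block quoted above, which reports each certificate's signature algorithm and whether it is self-issued (subject equals issuer). The function names and the Certificate[0] entry are constructed for illustration.

```python
import re

# Constructed sample in gnutls-cli's chain format: [0] is a made-up leaf,
# [3] is the entry quoted in the post, wrapped as in the mail (pin omitted).
SAMPLE = """\
- Certificate[0] info:
 - subject `CN=www.example.test', issuer `CN=Example CA,C=US', serial 0x01,
RSA key 2048 bits, signed using RSA-SHA256, activated `2020-01-01 00:00:00 UTC'
- Certificate[3] info:
 - subject `OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\\,
Inc.,C=US', issuer `OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy
Group\\, Inc.,C=US', serial 0x00, RSA key 2048 bits, signed using RSA-SHA1
(broken!), activated `2004-06-29 17:06:20 UTC', expires `2034-06-29 17:06:20 UTC'
"""

HEADER = re.compile(r"^- Certificate\[(\d+)\] info:")
FIELDS = re.compile(r"subject `(.*?)', issuer `(.*?)', .*?signed using ([A-Za-z0-9-]+)")


def audit_chain(text):
    """Return one finding per certificate block in gnutls-cli output."""
    blocks = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            blocks.append((int(m.group(1)), []))
        elif blocks:
            blocks[-1][1].append(line.strip())
    findings = []
    for index, lines in blocks:
        # Mail clients wrap the long info line; rejoin it before matching.
        info = re.sub(r"\s+", " ", " ".join(lines))
        m = FIELDS.search(info)
        if not m:
            continue
        subject, issuer, sig_alg = m.groups()
        findings.append({
            "index": index, "subject": subject, "sig_alg": sig_alg,
            "sha1_signed": sig_alg.upper().endswith("SHA1"),
            "self_issued": subject == issuer,
        })
    return findings


def removable_sha1_roots(findings):
    """Indexes of SHA1-signed, self-issued certs the server could stop sending."""
    return [f["index"] for f in findings if f["sha1_signed"] and f["self_issued"]]
```

Feeding it the saved output of `gnutls-cli toodledo.com` would list the chain positions that match the entry discussed in the comment.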