On Fri, Sep 28, 2012, YUN GAO wrote: > Hi there: > I found a different behavior between 0.9.8l and 1.0.1b, it happens > when s_server using an invalid certificate, and s_client requires a > verification > of server certificate. The invalid certificate has an incorrect > signature length, and its name is bad_cert.pem. > For 1.0.1b > openssl s_server -cert bad_cert.pem -WWW -CAfile cert_trusted.pem > openssl s_client -connect localhost:4433 -verify -1 -debug > I got the following error message > From Client: > verify depth is -1 > CONNECTED(00000003) > write to 0x8277450 [0x8278058] (181 bytes => 181 (0xB5)) > ..........(Ignored) > read from 0x8277450 [0x827d5e0] (7 bytes => 0 (0x0)) > 4160554636:error:140790E5:SSL > routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 0 bytes and written 181 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > --- > From Server: > 4160554636:error:04075070:rsa routines:RSA_sign:digest > too big for rsa key:rsa_sign.c:127: > 4160554636:error:1409B006:SSL
The reason for that is the RSA key size. By default OpenSSL will use SHA512 for signatures in OpenSSL 1.0.1 and later if the peer supports TLS 1.2. If your key is too small to handle an SHA512 signature (e.g. 512 bits) it will fail with that error. Previous version of OpenSSL don't support TLS 1.2 and wont use SHA512, instead using the SHA1+MD5 signature used in previous versions of TLS. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
