On Sat, Feb 27, 2016, Nounou Dadoun wrote: > That gives me something to work with, the server is using openssl 1.0.2d, the > client openssl 1.0.1h > > I'd actually had an earlier interop problem between them (which I had a > mailing list discussion about here: > http://openssl.6102.n7.nabble.com/Failed-TLSv1-2-handshake-td61528.html#a61630 > ) where server and client were negotiating TLSv1.2 with > TLS_RSA_WITH_AES_256_GCM_SHA384 and the handshake failed with the error > "decryption failed or bad record mac" - (that scenario was not doing mutual > authentication) and my eventual workaround was to disable AESGCM from the > cipher list - which got things going again - with the intention of figuring > out what the interop issue was later. There's a packet capture of a sample > failed exchange and more information about that overall scenario in that > email thread. >
That might be a problem with SHA384/SHA512. You can configure OpenSSL 1.0.2 server side to not request RSA+SHA384/RSA+SHA512 and see if that helps. If TLS v1.2 works other than that then it's likely that SHA256 is OK. See for example SSL_CTX_set1_client_sigalgs_list() et al at: https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set1_client_sigalgs.html Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
