Re: [openssl-1.1.1l] TLS1.2 Server responses with Alert

2021-12-31 Thread Mark Hack
The server error is correct - the signature_algorithms_cert extension does not offer rsa_pkcs1_sha256 (0x0401) which is the server certificate signing algorithm. If the client is written in Java, check java.security for "jdk.certpath.disabledAlgorithms" and check the constraints. On Fri, 2021-

RE: [openssl-1.1.1l] TLS1.2 Server responses with Alert

2021-12-31 Thread Michael Wojcik
> From: openssl-users On Behalf Of Ma > Zhenhua > Sent: Thursday, 30 December, 2021 23:59 > On the SSL/TLS server, there's one error as follows. > "SSL Error(118) - no suitable signature algorithm" Debugging handshake failures isn't my area of expertise, but I note both ClientHellos include a