[Pkg-openssl-devel] Bug#912759: Bug#912759: "wrong signature type" with working websites
Kurt Roeckx
kurt at roeckx.be
Sat Nov 3 18:01:30 GMT 2018
On Sat, Nov 03, 2018 at 05:44:50PM +0100, Nicolas George wrote:
> > I suggest you try to contact your bank so that they update their
> > software.
>
> No need, I already know what they will answer: "use Chrome, it works".
I suggest that you try anyway. If that doesn't work, you can try
to publicly shame them:
https://www.troyhunt.com/the-effectiveness-of-publicly-shaming-bad-security/
They are running a software version that has doesn't even have
support anymore and has known security issues, otherwise you
wouldn't be getting this error.
> Please fix the interoperability bug.
As I already explained, the interoperability bug is on the server
side, where the ignore what you send and pick something you didn't
send, while they actually support what you did send.
This can be worked around by lowering the security level from 2 to
1, so that you also send what they're going to pick anyway. For
instance this works:
openssl s_client -connect voscomptesenligne.labanquepostale.fr:443 -cipher DEFAULT at SECLEVEL=1
Kurt
More information about the Pkg-openssl-devel
mailing list