[Pkg-openssl-devel] Bug#912759: Bug#912759: "wrong signature type" with working websites
Nicolas George
george at nsup.org
Sat Nov 3 18:18:06 GMT 2018
Kurt Roeckx (2018-11-03):
> I suggest that you try anyway. If that doesn't work, you can try
> to publicly shame them:
> https://www.troyhunt.com/the-effectiveness-of-publicly-shaming-bad-security/
I have already tried to deal with them in the past. Please assume that I
know how they will react.
> They are running a software version that doesn't even have
> support anymore and has known security issues, otherwise you
> wouldn't be getting this error.
They do not care.
> As I already explained, the interoperability bug is on the server
> side
I believe you that there is a conformity bug in the server. But conformity is
not the same thing as interoperability. Interoperability bugs are on
both sides, that is what interoperability means.
> This can be worked around by lowering the security level from 2 to
> 1, so that you also send what they're going to pick anyway. For
> instance this works:
> openssl s_client -connect voscomptesenligne.labanquepostale.fr:443 -cipher DEFAULT@SECLEVEL=1
Thanks for the work-around. Can you tell me how I could find this by
myself using the documentation and error message?
Regards,
--
Nicolas George