[Pkg-openssl-devel] Bug#934453: curl: SSL routines:tls12_check_peer_sigalg:wrong signature type

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Mon Aug 12 21:04:11 BST 2019


On 2019-08-12 18:22:38 [+0200], Kurt Roeckx wrote:
> On Mon, Aug 12, 2019 at 10:42:06AM +0200, Johannes Schauer wrote:
> > > >     curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type
> > 
> > thanks to juliank on #debian-devel I found out that this issue seems to be a
> > duplicate of #912759?
> > 
> > If so, what should I write to the server admins of daserste.de? I'm not quite
> > knowledgable about the topic and with the Qualys SSL Labs Server test reporting
> > an A+ for the server, I don't know what argument to make that they are wrong.
> 
> Yes, this is a duplicate of #912759. Their software is buggy, most
> likely not supported. They should probably talk to their vendor to
> get an update.

| $  host www.daserste.de
| www.daserste.de is an alias for sni.daserste.c.footprint.net.
| sni.daserste.c.footprint.net has address 8.248.125.252
| sni.daserste.c.footprint.net has address 67.26.137.252
| sni.daserste.c.footprint.net has address 8.248.129.252

ach level3 CDN, lovely. So the problem is to find someone who
understands the problem. This goes for the people behind daserste.de
and those behind the CDN.

Kurt, could we get something into OpenSSL (aka openssl s_client
-connect) which describes the error more accurate / verbose?
I will try to collect some information and point the ssllabs people to
it hoping that it will pop up in the server rating…

> Kurt

Sebastian



More information about the Pkg-openssl-devel mailing list