Unable to negotiate acceptable set of security parameters #9452
Description
2fff14b created the issue
We've noticed an increase in "inoperability failures" when connecting to secure webdav using P12's generated as part of our 2FA requirement when connecting to our SaaS based web platform. The login process never transfers from the certificate selection to allowing access to the key chain.
We've tracked it by trial/error to a change somewhere between version 4.7.3 (works) and 4.8.1 (failures)
- Affected Systems: MBP 2.4/Core i5 OSX 10.9.5 & MBP 2.7 Core i5 OSX 10.11.4
- Working versions: 4.5 - 4.7.3.
- Non-working version: First non-working version 4.8.1 (4.8.1.19040.zip)
- Windows machine has worked through all versions up to and including 4.9
Same remote webdav host/path and credentials and P12's used in all tests.
Here are the OpenSSL commands used to create the P12 (if this helps at all...)
openssl req -new -sha256 -newkey rsa:1024 -nodes -out client.req -keyout client.key
openssl x509 -CA client.net_01.crt -CAkey client.net_011.key -CAserial client.net_011.srl -req -in client.req -out client.pem -days 365
openssl pkcs12 -export -in client.pem -inkey client.key -certfile client.crt -name "client" -out client.p12
I did notice that 4.8.1 was the first to have this:
[Bugfix] Restore compatibility with OS X 10.7 - 10.9 (Mac)
but unsure if that excludes versions 10.9.5 and higher... couldn't find a trac number to research further.
Attachments
Error Messsage Steps.docx(1173.0 KiB)Handshake Failure.png(78.6 KiB)
