-
-
Notifications
You must be signed in to change notification settings - Fork 30.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSSL 3.0.0: TLS 1.0 / 1.1 connections fail with TLSV1_ALERT_INTERNAL_ERROR #87957
Comments
With OpenSSL 3.0.0-alpha14 several tests for TLS 1.0 and 1.1 connections are failing handshake with "[SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error". OpenSSL is configured with default security level "1". Tests are only passing with @SECLEVEL=0. I think the security default callback refuses NID_sha1 and NID_sha1_md5 SSL_SECOP_SIGALG_SUPPORTED because their security bits are lower than minimum of 80 bits. ssl_security_default_callback (s=0x7fffdc001840, ctx=0x0, op=327691, bits=67, nid=114, other=0x7fffe8ab194a, ex=0x0) at ssl/ssl_cert.c:969 #0 tls_choose_sigalg (s=0x7fffdc001840, fatalerrs=1) at ssl/t1_lib.c:3307 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
if (!fatalerrs)
return 1;
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
return 0;
} |
#25304 is merged PR to master. |
Hello, its sill happening to me although i am using OpenSSL 3.1.1 version. It seems to be an issue onlyy for linux distros as it works for me on windows with the same version. any help? |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: