Hello,
On 14. Jul 2023, at 05:43, Yasuhiro Kimura yasu@utahime.org wrote:
2023.07.14 12:29:12 LOG3[0]: SSL_connect: /usr/src/crypto/openssl/ssl/t1_lib.c:1146: error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type
This likely happens because the connection uses an old version of TLS, which use SHA1 or older digests in the signature algorithm. The OpenSSL security level setting no longer allows this by default. See
https://github.com/openssl/openssl/blob/master/ssl/t1_lib.c#L1824-L1841
which implements this.
2023.07.14 12:31:12 LOG3[0]: SSL_connect: /usr/src/crypto/openssl/ssl/statem/extensions.c:894: error:0A000152:SSL routines::unsafe legacy renegotiation disabled
This is a different problem. OpenSSL 3 disabled a path that is vulnerable to CVE-2009-3555 by default and now requires that peers send the RFC 5746 renegotiation indication extension, which your peer does not seem to support.
If you want to allow such connections anyway (exposing them to CVE-2009-3555), you can set the SSL_OP_LEGACY_SERVER_CONNECT (for connections initiated by OpenSSL 3) or SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION (for connections accepted by OpenSSL 3). See the "SECURE RENEGOTIATION” section in https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_options.html for more details.
These are also available as configuration options for openssl.cnf. See UnsafeLegacyRenegotiation and UnsafeLegacyServerConnect in https://www.openssl.org/docs/man3.0/man3/SSL_CONF_cmd.html.
HTH, Clemens