[squid-users] tls12_check_peer_sigalg:wrong signature type

Edouard Gaulué listes at e-gaulue.com
Wed Mar 11 15:59:31 UTC 2020


Hi Community,

We moved from 3.4.8 to 4.10 two days ago (and more generally to Buster).

Some users complain today about HTTPS sites that are not reachable while 
it was before (we bump). They are reachable from browsers without proxy.

An example is : www.marches-securises.fr.

In the log I get :

ERROR: negotiating TLS on FD 57: error:1414D172:SSL 
routines:tls12_check_peer_sigalg:wrong signature type (1/-1/0)

openssl s_client -connect www.marches-securises.fr:443 is OK

I believed in the beginning, it was an intermediate certificate trouble, 
but it doesn't look so. I read this : 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934453

I'm not sure squid is involved, but maybe some of you have already 
overcome this kind of trouble through squid or openssl configuration.

If ever, please share,

Best regards, Edouard



More information about the squid-users mailing list