[squid-users] tls12_check_peer_sigalg:wrong signature type
Edouard Gaulué
listes at e-gaulue.com
Wed Mar 11 15:59:31 UTC 2020
Hi Community,
We moved from 3.4.8 to 4.10 two days ago (and more generally to Buster).
Some users complain today about HTTPS sites that are not reachable while
it was before (we bump). They are reachable from browsers without proxy.
An example is : www.marches-securises.fr.
In the log I get :
ERROR: negotiating TLS on FD 57: error:1414D172:SSL
routines:tls12_check_peer_sigalg:wrong signature type (1/-1/0)
openssl s_client -connect www.marches-securises.fr:443 is OK
I believed in the beginning, it was an intermediate certificate trouble,
but it doesn't look so. I read this :
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934453
I'm not sure squid is involved, but maybe some of you have already
overcome this kind of trouble through squid or openssl configuration.
If ever, please share,
Best regards, Edouard
More information about the squid-users
mailing list