Forum Discussion
Ntinos
Nimbostratus
Why does this happen only on TLS 1.3 and 1.5.1 BEST? TLS 1.2 works fine.
Lidev
Sep 17, 2020MVP
Have you try the same test (openssl s_clien)t but with tls1.2 to see if the result is the same (certificate expired)?
openssl s_client -tls1_2 -connect 20.0.5.25:443
- NtinosSep 17, 2020Nimbostratus
Yes, ceritificate is expired but everything works, curl/spirent etc.
- LidevSep 17, 2020MVP
Okay, makes a tcpdump or ssl dump and compares the Ciphers Suites negotiated with the client during the SSL Handshake.
TLS 1.3 has eliminated support for algorithms and ciphers that are practically vulnerable.
- RC4 Stream Cipher
- RSA Key Exchange
- SHA-1 Hash Function
- CBC (Block) Mode Ciphers
- MD5 Algorithm
- Various non-ephemeral Diffie-Hellman groups
- EXPORT-strength ciphers
- DES
- 3DES
- NtinosSep 22, 2020Nimbostratus
I've updated my certificate so that it's not expired, still the same error. I still don't understand why this happens to BEST instance only and why GOOD works...