ECDSA certificates break the server

Question

ECDSA certificates break the server

Opened this issue 3 years ago · 2 comments

We found this out by accident. Somehow, an ECDSA certificate got generated for a test muck instead of RSA, and it blew the whole thing to bits.

% Trying to connect to test-world: [...]::1 4248.
% Intermediate connection to test-world failed: SSL/lib: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
% Trying to connect to test-world: [...] 4248.
% Connection to test-world failed: SSL: SSL_ERROR_ZERO_RETURN

Answer 1 · 2021-06-01T15:16:20.000Z

This looks potentially more like your MUCK client couldn't handle it than your MUCK server itself. Looks like tf which means you're lucky to have even basic SSL support :) (Not a slam against tf, mind, I use it myself and maintain my own version of it)

That said, I'm not nearly savvy enough about SSL to know the difference. Off the top of your head, fo you have a preferred outcome for if the server encounters an ECDSA cert? (i.e. give an error, fail to start, accept it and use it correctly, etc.) Otherwise, I'll have to do research to see what the 'right' thing to do here is.

Answer 2 · 2021-06-12T22:47:37.000Z

I'll poke around with it and come up with a recommendation.