Article <vd3t1a$3bjhk$1@paganini.bofh.team>

Warning: mysqli::__construct(): (HY000/1203): User howardkn already has more than 'max_user_connections' active connections in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\includes\artfuncs.php on line 21
Failed to connect to MySQL: (1203) User howardkn already has more than 'max_user_connections' active connections
Warning: mysqli::query(): Couldn't fetch mysqli in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\index.php on line 66
Article <vd3t1a$3bjhk$1@paganini.bofh.team>

Deutsch English Français Italiano

<vd3t1a$3bjhk$1@paganini.bofh.team>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!3.eu.feeder.erje.net!feeder.erje.net!newsfeed.bofh.team!paganini.bofh.team!not-for-mail
From: Anton Shepelev <anton.txt@gmail.moc>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Configuring OpenSSL to connect to an old server
Date: Thu, 26 Sep 2024 15:02:03 -0000 (UTC)
Organization: To protect and to server
Sender: 9dIQLXBM7WM9KzA+yjdR4A
Message-ID: <vd3t1a$3bjhk$1@paganini.bofh.team>
References: <vd3r49$3bfpp$1@paganini.bofh.team>
Injection-Date: Thu, 26 Sep 2024 15:02:03 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="3526196"; posting-host="lIS4Kz0c6D3FLXnm9cJWJA.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: tin/2.6.3-20231224 ("Banff") (FreeBSD/14.1-RELEASE (amd64))
X-Notice: Filtered by postfilter v. 0.9.3
Bytes: 2447
Lines: 42

Anton Shepelev <anton.txt@gmail.moc> wrote:

>         Options = UnsafeLegacyRenegotiation
>         Options = UnsafeLegacyServerConnect
> 
> Niether help, but both change changed to:
> 
>         0020E1F579080000:
>         error:
>         0A00014D:SSL routines:
>         tls_process_key_exchange:
>         legacy sigalg disallowed or unsupported:
>         /usr/src/crypto/openssl/ssl/statem/statem_clnt.c:2255:
> 
> Also in connection with this problem, the option
> SSL_OP_LEGACY_SERVER_CONNECT is mentioned. It is disabled by default
> since OpenSSL 3.0, and I have 3.0.13 .  But how can I set these
> OpenSSL options?

According to the SSL_CONF_cmd man page (unavaialbe on my system,
although OpenSSL is installed), the configuration-file option
UnsafeLegacyServerConnect is equivalent to
SSL_OP_LEGACY_SERVER_CONNECT:

   <https://docs.openssl.org/master/man3/SSL_CONF_cmd/#supported-configuration-file-commands>

So I /did/ follow the proposed solution, after all.  That said, how
can I determine what legacy algorithm is required, whether it is
disallowed (and therefore can be enabled) or unsupported (and a
different version of OpenSSL is required)?

There is also a solved OpenVPN issue for this error:

   <https://github.com/OpenVPN/openvpn/issues/348#issuecomment-1568546165>

The solution consists in specifying the following OpenVPN options:

   tls-cert-profile insecure
   providers legacy default
   compat-mode 2.3.0

But I fail to see how these optons may be translated to OpenSSL
configuration...