benoitc / hackney

simple HTTP client in Erlang

SERVER ALERT: Fatal - Insufficient Security - :no_suitable_signature_algorithm #743

Closed alinpopa closed 5 months ago

alinpopa commented 5 months ago

OTP 26.2.5, Elixir 1.16.3-otp-26, Hackney: 1.20.1

Getting the following error when making a TLS request to the server:

     13:05:14.834 [notice]  ssl_handshake.select_hashsign/5  TLS :server: In state :hello at ssl_handshake.erl:1656 generated SERVER ALERT: Fatal - Insufficient Security - :no_suitable_signature_algorithm
     13:05:14.844 [notice]  ssl_alert.decode/3  TLS :client: In state :hello received SERVER ALERT: Fatal - Insufficient Security

The ssl conf for the client (using HTTPoison):

      ssl: [
        {:certfile, "client/client-cert.pem"},
        {:keyfile, "client/client-key.pem"},
        {:versions, [:"tlsv1.2"]},
        {:server_name_indication, :disable},
        {:verify, :verify_none}
      ],

This was working fine on OTP 25, but it fails on OTP 26. Also, both server and the client are running on OTP 26.

Thanks.

benoitc commented 5 months ago

How is the server configured?

alinpopa commented 5 months ago

It's a Phoenix server, and https is configured like this:

      https: [
        port: 7002,
        otp_app: :zeroapp,
        verify: :verify_peer,
        fail_if_no_peer_cert: true,
        versions: [:"tlsv1.2"],
        keyfile: "priv/server/server-key.pem",
        certfile: "priv/server/server-cert.pem",
        cacertfile: "priv/ca.pem"
      ],

alinpopa commented 5 months ago

@benoitc thank you for your input, but I think I found the cause of this: the certificates I was using were very very old, and they're using a different signing algorithm than those being supported. I've regenerated the certs and now they seem to be working fine. I'm gonna close this as it's a non-issue related to Hackney.
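
Added example (not part of the thread or of hackney): one way to confirm the diagnosis above is to read the `signatureAlgorithm` field of each PEM certificate and flag MD5- or SHA-1-based signatures. The `LEGACY` list, the function names and the `skeleton_pem` sample are assumptions made for illustration; the thread does not say which algorithm the old certificates used.

```python
import base64

# Signature-algorithm OIDs built on MD5 or SHA-1. Assumption: this is the "very
# old" kind of signature meant in the thread, which does not name the algorithm.
LEGACY = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _oid(body):
    """Decode OID content bytes to dotted form."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def cert_signature_oid(pem):
    """OID of Certificate.signatureAlgorithm, the field after tbsCertificate."""
    body = pem.split("-----BEGIN CERTIFICATE-----")[1].split("-----END")[0]
    der = base64.b64decode("".join(body.split()))
    _, start, _ = _tlv(der, 0)            # outer Certificate SEQUENCE
    _, _, tbs_end = _tlv(der, start)      # skip tbsCertificate
    _, alg_start, _ = _tlv(der, tbs_end)  # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = _tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return _oid(der[oid_start:oid_end])

def legacy_signature(pem):
    """Name of the legacy algorithm the certificate is signed with, or None."""
    return LEGACY.get(cert_signature_oid(pem))

def skeleton_pem(oid_hex):
    """Constructed sample: cert-shaped DER with placeholder fields, 9-byte OID."""
    der = bytes.fromhex("30183003020101300d0609" + oid_hex + "050003020000")
    return "-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode() + "\n-----END CERTIFICATE-----\n"
```

Against real files, call `legacy_signature(open("client/client-cert.pem").read())` for the client certificate, the server certificate and the CA; a non-`None` result means that certificate is a candidate for regeneration.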