By having digitalSignature on the client and keyEncipherment on the server, we may run into this problem:
https://groups.google.com/g/rabbitmq-users/c/3TQFT8jX-bk?pli=1
Some versions of OpenSSL do not seem affected, or perhaps they had a bug back in 2018. In openssl 1.0.2za-fips 24 Aug 2021, we receive the "insufficient security" error if the client and server certificates do not have both key usages. According to this doc: https://rabbitmq.com/ssl.html#key-usage-effects-on-cipher-suites
The filtering based on key usage will result in client and server not having any common cipher suites to agree on.
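
The mismatch described above, as an added example that is not part of the original change or of RabbitMQ's code. It is a simplified model that assumes each peer filters its own suite list by its own RSA certificate's keyUsage; the suite list and function names are constructed for illustration.

```python
# Simplified model (assumption): each peer keeps only the cipher suites whose
# key exchange is permitted by the keyUsage of its own RSA certificate.

# keyUsage bit an RSA certificate needs per key-exchange family (RFC 5246, 7.4.2).
REQUIRED_USAGE = {
    "RSA": "keyEncipherment",        # premaster secret is encrypted to the cert key
    "DHE_RSA": "digitalSignature",   # cert key signs the ephemeral DH parameters
    "ECDHE_RSA": "digitalSignature", # cert key signs the ephemeral ECDH parameters
}

# Constructed sample suite list, in preference order.
SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]


def key_exchange(suite):
    """Extract the key-exchange family, e.g. 'ECDHE_RSA', from a suite name."""
    return suite[len("TLS_"):].split("_WITH_")[0]


def usable_suites(key_usages, suites=SUITES):
    """Suites a peer can offer. key_usages=None means the certificate has no
    keyUsage extension, which places no restriction on the key."""
    if key_usages is None:
        return list(suites)
    return [s for s in suites if REQUIRED_USAGE[key_exchange(s)] in key_usages]


def common_suites(client_usages, server_usages):
    """Suites left on both sides after each peer filters by its own certificate."""
    server = set(usable_suites(server_usages))
    return [s for s in usable_suites(client_usages) if s in server]


def handshake(client_usages, server_usages):
    """Return the negotiated suite, or the alert text when nothing is shared."""
    common = common_suites(client_usages, server_usages)
    return common[0] if common else "insufficient security"


if __name__ == "__main__":
    print(handshake({"digitalSignature"}, {"keyEncipherment"}))
    both = {"digitalSignature", "keyEncipherment"}
    print(handshake(both, both))
```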