`routines:tls12_check_peer_sigalg:wrong curve` when scanning `serviceportal.schleswig-holstein.de`

Question

`routines:tls12_check_peer_sigalg:wrong curve` when scanning `serviceportal.schleswig-holstein.de`

muffl0n opened this issue 2 years ago · comments

Describe the bug
Scan for serviceportal.schleswig-holstein.de fails:

 * Error when running --elliptic_curves:
       You can open an issue at https://github.com/nabla-c0d3/sslyze/issues with the following information:

       * SSLyze version: 5.0.5
       * Server: serviceportal.schleswig-holstein.de:443 - HTTP proxy at 127.0.0.1:8888
       * Scan command: elliptic_curves

       Traceback (most recent call last):
         File "/usr/local/Cellar/sslyze/5.0.5_1/libexec/lib/python3.10/site-packages/sslyze/scanner/_mass_scanner.py", line 267, in _generate_result_for_completed_server_scan
    scan_cmd_result = plugin_implementation_cls.result_for_completed_scan_jobs(
         File "/usr/local/Cellar/sslyze/5.0.5_1/libexec/lib/python3.10/site-packages/sslyze/plugins/elliptic_curves_plugin.py", line 169, in result_for_completed_scan_jobs
    all_ecdh_results = [scan_job.get_result() for scan_job in scan_job_results]
         File "/usr/local/Cellar/sslyze/5.0.5_1/libexec/lib/python3.10/site-packages/sslyze/plugins/elliptic_curves_plugin.py", line 169, in <listcomp>
    all_ecdh_results = [scan_job.get_result() for scan_job in scan_job_results]
         File "/usr/local/Cellar/sslyze/5.0.5_1/libexec/lib/python3.10/site-packages/sslyze/plugins/plugin_base.py", line 61, in get_result
    raise self._exception
         File "/usr/local/Cellar/sslyze/5.0.5_1/libexec/lib/python3.10/site-packages/sslyze/scanner/_jobs_worker_thread.py", line 50, in run
    return_value = job_to_complete.function_to_call(*job_to_complete.function_arguments)
         File "/usr/local/Cellar/sslyze/5.0.5_1/libexec/lib/python3.10/site-packages/sslyze/plugins/elliptic_curves_plugin.py", line 213, in _test_curve
    ssl_connection.connect()
         File "/usr/local/Cellar/sslyze/5.0.5_1/libexec/lib/python3.10/site-packages/sslyze/connection_helpers/tls_connection.py", line 294, in connect
    self.ssl_client.do_handshake()
         File "/usr/local/Cellar/sslyze/5.0.5_1/libexec/lib/python3.10/site-packages/nassl/ssl_client.py", line 182, in do_handshake
    self._ssl.do_handshake()
       nassl._nassl.OpenSSLError: error:1414D17A:SSL routines:tls12_check_peer_sigalg:wrong curve

To Reproduce
Steps to reproduce the behavior:

Install SSLyze using homebrew
Run the following command sslyze serviceportal.schleswig-holstein.de
See error

Expected behavior
no error

Python environment (please complete the following information):

OS: macOS Big Sur (11.6.8)
Python version: 3.10

Alban Diquet · Answer 1 · Sat Oct 15 2022 19:18:12 GMT+0800 (China Standard Time)

Fix released as part of v5.0.6.