ben wrote:
> Can someone to explain the following SSL errors to me? What can cause
> these errors?
These are great questions for the mozilla.dev.tech.crypto newsgroup.
Follow up there.
> 1. SSL_ERROR_DECRYPT_ERROR_ALERT -12192 "Peer reports failure of
> signature verification or key exchange".
If you're the client, your "peer" is the server.
If you're the server, your "peer" is the client.
You sent your peer an SSL handshake message and it replied saying that
it didn't like that. Your peer experienced some unexpected and/or
undesired result while processing what you sent it. Maybe you sent
it something bad, or maybe it's having crypto problems of its own.
Best bet is to check for error messages in the peer's log file (if it's
a server), or its error dialogs (if it's a client), to find out what it
didn't like.
> 2. SSL_ERROR_SIGN_HASHES_FAILURE -12222 "Unable to digitally sign data
> required to verify your certificate."
The SSL library in your product asked the PKCS#11 crypto module that
holds your private key to digitally sign some data. That PKCS#11 module
reported that it failed to do so.
This is very rarely seen with NSS's own built-in PKCS#11 crypto module.
Almost always, whenn this is seen, a third-party PKCS#11 crypto module
was in use, usually for some crypto gizmo ("token", "dongle", "fob").
> Thanks.
--
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
