error:0308010C:digital envelope routines::unsupported after upgrade

Advertisement

Timeruler
Joined:
Posts:
5

error:0308010C:digital envelope routines::unsupported after upgrade

Hello
We have been using WinSCP to connect to FTPS for a couple of years without any issues.

We recently upgrade to new certificate for connection, again without any issues.

But after upgrading WinSCP from version 5.19.6 to 6.3.1 we cannot establish FTPS connection.

We get following error message:
Cannot read certificate "D:\Scripts\XXXXXXXX.pfx".
error:0308010C:digital envelope routines::unsupported
We tried to upgrade OpenSSL to latest version on server, but that didn't have any impact.

We ended up rolling back to version 5.19.6 and everything was running again.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,441
Location:
Prague, Czechia

Re: error:0308010C:digital envelope routines::unsupported after upgrade

Thanks for your report.
How did you get/generate the PFX?

Reply with quote

Timeruler
Joined:
Posts:
5

error:0308010C:digital envelope routines::unsupported after upgrade

Hello

it's from the danish goverment used to identify company.

OCES3 they are called here in Denmark.
itermediate:
C = DK
O = Den Danske Stat
CN = Den Danske Stat OCES udstedende-CA 1

Root CA:
C = DK
O = Den Danske Stat
CN = Den Danske Stat OCES rod-CA


Don't know if you can use that.

regards,
Lasse

Reply with quote

martin
Site Admin
martin avatar

Re: error:0308010C:digital envelope routines::unsupported after upgrade

Don't you have some maybe expired or otherwise invalid certificate of the same type/format that might be able to share with us?

Reply with quote

Timeruler
Joined:
Posts:
5

Re: error:0308010C:digital envelope routines::unsupported after upgrade

I would love to provide you with it, but the CA and Intermediate CA are jus under 8 months old as far as I know.
And as such I don't have access to an expired certificate.

I would be happy to provide you with as much details as possible, but i cannot provide a complete certificate.

Reply with quote

Advertisement

Guest

Re: error:0308010C:digital envelope routines::unsupported after upgrade

I'll get back to you on that.

Looks promising, just got at few issues in other departments I need to take care of :D

Thank you for the suggestion.

Love your product

Reply with quote

Timeruler
Joined:
Posts:
5

Hello Martin

I've now had a chance to look into the certificate, and the above mentioned link provided some excellent commands to verify the certificate.

And indeed our certificate seems to have an outdated encryption.
Suspect it's because it's an export from a keystore as mentioned in the article.

Running the openssl command (3.x) gave following information (passphrase needed):
openssl pkcs12 -in "x:\xxxx\xxx\XXXXX.pfx" -info -nokeys -nocerts
Info:
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1024
When we have time well try to use the info from the article to make a reencryption of the certificate an see if it will work with latest version of WinSCP

Thank you for the help

Reply with quote

Advertisement

Advertisement

You can post new topics in this forum