
Requested our operations partner to configure TLS for Db2 on z/OS. All fine when using OpenSSL version 1.x to verify, but it just won't happen when using OpenSSL version 3.x, and I'm not able to understand why. I assume that there are some added features in version 3 that make sure to block due to some vulnerabilities in our config.

The signature algorithm for the certificate is sha256RSA, whereas the root certificate is signed using sha1RSA, but to my understanding that should not matter.

Nmap on Linux says

nmap --script ssl-enum-ciphers -p 5001 db2-schemas.cfdu.no

Starting Nmap 7.60 ( https://nmap.org ) at 2022-12-12 23:12 CET
Nmap scan report for db2-schemas.cfdu.no (xx.xx.xx.xx)
Host is up (0.012s latency).

PORT     STATE SERVICE
5021/tcp open  zenginkyo-2
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp192r1) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp192r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp192r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp192r1) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp192r1) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp192r1) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp192r1) - D
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp192r1) - D
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|       Key exchange (dh 1024) of lower strength than certificate key
|       Key exchange (secp192r1) of lower strength than certificate key
|_  least strength: D

Cipher in use is

SSL-Session:
Protocol  : TLSv1.2
Cipher    : AES256-GCM-SHA384

Listing available ciphers on the client I see

0x00,0x9D - AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD

Command being used

openssl.exe s_client -connect db2-schemas.cfdu.no:5001  -tls1_2 -state -trace -security_debug_verbose

Gives the following outputs

CONNECTED(000001A8)
Sent Record
Header:
  Version = TLS 1.0 (0x301)
  Content Type = Handshake (22)
  Length = 215
    ClientHello, Length=211
      client_version=0x303 (TLS 1.2)
      Random:
        gmt_unix_time=0xB6540B81
        random_bytes (len=28): 5488E9F1175F6F57BC86E72BB8F02E6DC798E8F46162270D34B8182F
      session_id (len=0): 
      cipher_suites (len=56)
        {0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        {0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        {0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
        {0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        {0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        {0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        {0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        {0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        {0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        {0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
        {0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
        {0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
        {0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
        {0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        {0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
        {0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        {0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        {0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        {0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        {0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        {0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        {0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384
        {0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256
        {0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256
        {0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256
        {0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA
        {0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA
        {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
      compression_methods (len=1)
        No Compression (0x00)
      extensions, length = 114
        extension_type=server_name(0), length=28
          0000 - 00 1a 00 00 17 64 62 32-2d 73 63 68 65 6d 61   .....db2-schema
          000f - 73 2e 63 66 64 75 2e 6b-6c 70 2e 6e 6f         s.cfdu.klp.no
        extension_type=ec_point_formats(11), length=4
          uncompressed (0)
          ansiX962_compressed_prime (1)
          ansiX962_compressed_char2 (2)
        extension_type=supported_groups(10), length=12
          ecdh_x25519 (29)
          secp256r1 (P-256) (23)
          ecdh_x448 (30)
          secp521r1 (P-521) (25)
          secp384r1 (P-384) (24)
        extension_type=session_ticket(35), length=0
        extension_type=encrypt_then_mac(22), length=0
        extension_type=extended_master_secret(23), length=0
        extension_type=signature_algorithms(13), length=42
          ecdsa_secp256r1_sha256 (0x0403)
          ecdsa_secp384r1_sha384 (0x0503)
          ecdsa_secp521r1_sha512 (0x0603)
          ed25519 (0x0807)
          ed448 (0x0808)
          rsa_pss_pss_sha256 (0x0809)
          rsa_pss_pss_sha384 (0x080a)
          rsa_pss_pss_sha512 (0x080b)
          rsa_pss_rsae_sha256 (0x0804)
          rsa_pss_rsae_sha384 (0x0805)
          rsa_pss_rsae_sha512 (0x0806)
          rsa_pkcs1_sha256 (0x0401)
          rsa_pkcs1_sha384 (0x0501)
          rsa_pkcs1_sha512 (0x0601)
          ecdsa_sha224 (0x0303)
          rsa_pkcs1_sha224 (0x0301)
          dsa_sha224 (0x0302)
          dsa_sha256 (0x0402)
          dsa_sha384 (0x0502)
          dsa_sha512 (0x0602)

Received Record
Header:
  Version = TLS 1.2 (0x303)
  Content Type = Alert (21)
  Length = 2

no peer certificate available

No client certificate CA names sent

SSL handshake has read 5 bytes and written 220 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1670879495
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no


and in addition

Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
SSL_connect:before SSL initialization
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Signature Algorithm mask scheme=ecdsa_secp256r1_sha256, security bits=128: yes
Security callback: Signature Algorithm mask scheme=rsa_pss_pss_sha256, security bits=128: yes
Security callback: Signature Algorithm mask digest=SHA224, algorithm=DSA, security bits=112: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-SHA, security bits=128: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Signature Algorithm mask scheme=ecdsa_secp256r1_sha256, security bits=128: yes
Security callback: Signature Algorithm mask scheme=rsa_pss_pss_sha256, security bits=128: yes
Security callback: Signature Algorithm mask digest=SHA224, algorithm=DSA, security bits=112: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-SHA, security bits=128: yes
Security callback: Supported Curve=X25519, security bits=128: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Signature Algorithm mask scheme=ecdsa_secp256r1_sha256, security bits=128: yes
Security callback: Signature Algorithm mask scheme=rsa_pss_pss_sha256, security bits=128: yes
Security callback: Signature Algorithm mask digest=SHA224, algorithm=DSA, security bits=112: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-SHA, security bits=128: yes
Security callback: Supported Curve=X25519, security bits=128: yes
Security callback: Supported Curve=X25519, security bits=128: yes
Security callback: Supported Curve=P-256, security bits=128: yes
Security callback: Supported Curve=X448, security bits=224: yes
Security callback: Supported Curve=P-521, security bits=256: yes
Security callback: Supported Curve=P-384, security bits=192: yes
Security callback: : yes
Security callback: Supported Signature Algorithm scheme=ecdsa_secp256r1_sha256, security bits=128: yes
Security callback: Supported Signature Algorithm scheme=ecdsa_secp384r1_sha384, security bits=192: yes
Security callback: Supported Signature Algorithm scheme=ecdsa_secp521r1_sha512, security bits=256: yes
Security callback: Supported Signature Algorithm scheme=ed25519, security bits=128: yes
Security callback: Supported Signature Algorithm scheme=ed448, security bits=224: yes
Security callback: Supported Signature Algorithm scheme=rsa_pss_pss_sha256, security bits=128: yes
Security callback: Supported Signature Algorithm scheme=rsa_pss_pss_sha384, security bits=192: yes
Security callback: Supported Signature Algorithm scheme=rsa_pss_pss_sha512, security bits=256: yes
Security callback: Supported Signature Algorithm scheme=rsa_pss_rsae_sha256, security bits=128: yes
Security callback: Supported Signature Algorithm scheme=rsa_pss_rsae_sha384, security bits=192: yes
Security callback: Supported Signature Algorithm scheme=rsa_pss_rsae_sha512, security bits=256: yes
Security callback: Supported Signature Algorithm scheme=rsa_pkcs1_sha256, security bits=128: yes
Security callback: Supported Signature Algorithm scheme=rsa_pkcs1_sha384, security bits=192: yes
Security callback: Supported Signature Algorithm scheme=rsa_pkcs1_sha512, security bits=256: yes
Security callback: Supported Signature Algorithm digest=SHA224, algorithm=ECDSA, security bits=112: yes
Security callback: Supported Signature Algorithm scheme=ecdsa_sha1, security bits=64: no
Security callback: Supported Signature Algorithm digest=SHA224, algorithm=RSA, security bits=112: yes
Security callback: Supported Signature Algorithm scheme=rsa_pkcs1_sha1, security bits=64: no
Security callback: Supported Signature Algorithm digest=SHA224, algorithm=DSA, security bits=112: yes
Security callback: Supported Signature Algorithm digest=SHA1, algorithm=DSA, security bits=64: no
Security callback: Supported Signature Algorithm digest=SHA256, algorithm=DSA, security bits=128: yes
Security callback: Supported Signature Algorithm digest=SHA384, algorithm=DSA, security bits=192: yes
Security callback: Supported Signature Algorithm digest=SHA512, algorithm=DSA, security bits=256: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
SSL_connect:SSLv3/TLS write client hello
SSL_connect:error in SSLv3/TLS write client hello
write:errno=10054

Update - using -msg

openssl.exe s_client -connect db2-schemas.cfdu.no:5001 -msg

returns

CONNECTED(00000194)
>>> TLS 1.0, RecordHeader [length 0005]
    16 03 01 01 44
>>> TLS 1.3, Handshake [length 0144], ClientHello
    01 00 01 40 03 03 a0 33 1c 0e bf 68 a6 ea 47 8c
    3b ad 90 4a 5e 19 22 9c ba 74 0a b3 64 bb 6d 81
    79 77 45 64 40 cb 20 9a 96 20 23 43 8c bf a6 99
    23 38 4c 65 bf df ae e3 08 26 0b ab 29 e3 49 f0
    11 83 90 13 ea a6 77 00 3e 13 02 13 03 13 01 c0
    2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00
    9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0
    14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00
    3c 00 35 00 2f 00 ff 01 00 00 b9 00 00 00 1c 00
    1a 00 00 17 64 62 32 2d 73 63 68 65 6d 61 73 2e
    63 66 64 75 2e 6b 6c 70 2e 6e 6f 00 0b 00 04 03
    00 01 02 00 0a 00 16 00 14 00 1d 00 17 00 1e 00
    19 00 18 01 00 01 01 01 02 01 03 01 04 00 23 00
    00 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04
    03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08
    04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03
    02 04 02 05 02 06 02 00 2b 00 09 08 03 04 03 03
    03 02 03 01 00 2d 00 02 01 01 00 33 00 26 00 24
    00 1d 00 20 ba 86 11 55 14 53 95 cf 93 98 f4 ad
    b0 2b 9e 07 d5 20 7a c0 85 86 c5 a0 85 e7 93 7e
    d0 d8 6e 21
<<< TLS 1.2, RecordHeader [length 0005]
    15 03 03 00 02
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 329 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

and the state

SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL_connect:error in SSLv3/TLS write client hello
write:errno=10054

Error code on the server

On z/OS, when they debug, they see the error "467 Signature algorithm not in signature algorithm pairs list" (https://www.ibm.com/docs/en/zos/2.3.0?topic=codes-467), and from that their assumption is that the v3 client does not support a certificate whose root certificate has been signed with sha1RSA. But everything I have found indicates that this should not be an issue. Instead I suspect that the cipher AES256-GCM-SHA384 could be the issue; per the link it is considered weak. Compare this to an internal website with the same intermediate and root that uses TLS_AES_256_GCM_SHA384: that one is considered recommended, and OpenSSL v3 has no issues with it.

Any hints as to what I am missing here in order to get it working with OpenSSL v3 as well?

rhellem
  • @SteffenUllrich - I've added the whole lot now – rhellem Dec 14 '22 at 07:26
  • That's weird; for a received Alert -trace should decode (also) the 'Level' and 'description' which will probably be helpful. Possibly the server is giving a bogus value that screws up the decode somehow? First ditch the -security_debug_verbose which is irrelevant to this kind of problem, then try changing -trace to -msg to see if you get different info about the alert, and if not to -debug which gives you the raw TCP-level data and we can manually check it. – dave_thompson_085 Dec 15 '22 at 04:20
  • @dave_thompson_085: Added -msg and some additional information about the cert chain / sha1 / cipher in use. – rhellem Dec 15 '22 at 06:07
  • "... and by that their assumption is that the v3 client does not support a certificate which has a root certificate that has been signed with sha1RSA. But all what I have found indicates that this should not be an issue." - why do you think this is not the issue? Please provide the details about the certificate which show that it is signed with an algorithm which is actually supported by the client (i.e. not something involving SHA-1) – Steffen Ullrich Dec 15 '22 at 09:37
  • @SteffenUllrich: Well, the root and intermediate are used internally for a huge number of services; I have tested using openssl s_client against websites run by Apache, Oracle database TLS and Active Directory, all with OpenSSL v3 s_client, no issues. Therefore I find it surprising if z/OS for some reason should be the only one to require sha256RSA for the root. And reading https://security.stackexchange.com/questions/91913/why-is-it-fine-for-certificates-above-the-end-entity-certificate-to-be-sha-1-bas/91918#91918 - it should be fine to use SHA1. – rhellem Dec 15 '22 at 20:49
  • Okay -msg still doesn't show the body of the alert, which continues to be weird. But if the host says they are rejecting for signature algorithm, I'll believe it. By default OpenSSL 1.1.x includes SHA1 schemes in sigalgs and 3.0.x doesn't. RFC 8446 4.2.3 (and 4.4.2.2) explicitly allows a self-signed (root) or anchor cert that doesn't comply with sigalgs, but RFC 5246 says 'all certs provided' must comply -- does this server send the root, or omit it (as allowed in all versions)? You could test/work around this with -sigalgs rsa_pkcs1_sha256:rsa_pkcs1_sha1. – dave_thompson_085 Dec 16 '22 at 02:46
  • PS: TLS_RSA_WITH_AES_256_GCM_SHA384 (which OpenSSL calls AES-256-GCM-SHA384) is a TLS 1.2 suite and isn't really weak, but uses 'plain-RSA' key exchange which doesn't provide Forward Secrecy and is undesirable for that reason. Resources designed for dummies like that website don't explain different kinds of undesirability and just lump them all together. TLS_AES_256_GCM_SHA384 is a TLS 1.3 suite and 1.3 no longer uses plain-RSA key exchange. Does this server support 1.3? Your good example is 1.2. (Don't go by the version on the alert though; 1.3 uses the same record layer version as 1.2.) – dave_thompson_085 Dec 16 '22 at 02:56
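Working from the -msg hex dump in the question, the following added example (Python, not from the question or any of the comments) parses the ClientHello that OpenSSL 3 sent, lists the signature schemes it offers, and checks them against what a chain with a sha256RSA leaf and a sha1RSA root would need under the strict RFC 5246 reading the last comments describe. The mapping of certificate signature algorithms to TLS scheme codes and the "every certificate sent must match" rule are the example's own assumptions about the server's behaviour.

```python
# Added example: decode the ClientHello from the question's -msg output and
# compare its signature_algorithms extension with the signature schemes a
# server certificate chain would need the client to accept.
import struct

# Handshake bytes copied from the -msg dump above (5-byte record header omitted).
CLIENT_HELLO = bytes.fromhex("""
01 00 01 40 03 03 a0 33 1c 0e bf 68 a6 ea 47 8c 3b ad 90 4a 5e 19 22 9c ba 74 0a b3 64 bb 6d 81
79 77 45 64 40 cb 20 9a 96 20 23 43 8c bf a6 99 23 38 4c 65 bf df ae e3 08 26 0b ab 29 e3 49 f0
11 83 90 13 ea a6 77 00 3e 13 02 13 03 13 01 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00
9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00
3c 00 35 00 2f 00 ff 01 00 00 b9 00 00 00 1c 00 1a 00 00 17 64 62 32 2d 73 63 68 65 6d 61 73 2e
63 66 64 75 2e 6b 6c 70 2e 6e 6f 00 0b 00 04 03 00 01 02 00 0a 00 16 00 14 00 1d 00 17 00 1e 00
19 00 18 01 00 01 01 01 02 01 03 01 04 00 23 00 00 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04
03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03
02 04 02 05 02 06 02 00 2b 00 09 08 03 04 03 03 03 02 03 01 00 2d 00 02 01 01 00 33 00 26 00 24
00 1d 00 20 ba 86 11 55 14 53 95 cf 93 98 f4 ad b0 2b 9e 07 d5 20 7a c0 85 86 c5 a0 85 e7 93 7e
d0 d8 6e 21
""")

# TLS SignatureScheme code points (RFC 8446 section 4.2.3 plus legacy pairs).
SIG_SCHEME_NAMES = {
    0x0201: "rsa_pkcs1_sha1", 0x0203: "ecdsa_sha1",
    0x0301: "rsa_pkcs1_sha224", 0x0302: "dsa_sha224", 0x0303: "ecdsa_sha224",
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384", 0x0601: "rsa_pkcs1_sha512",
    0x0402: "dsa_sha256", 0x0502: "dsa_sha384", 0x0602: "dsa_sha512",
    0x0403: "ecdsa_secp256r1_sha256", 0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512", 0x0807: "ed25519", 0x0808: "ed448",
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384", 0x0806: "rsa_pss_rsae_sha512",
    0x0809: "rsa_pss_pss_sha256", 0x080a: "rsa_pss_pss_sha384", 0x080b: "rsa_pss_pss_sha512",
}
# Assumed mapping of the chain's X.509 signature algorithms to TLS schemes.
RSA_PKCS1_SHA256, RSA_PKCS1_SHA1 = 0x0401, 0x0201  # sha256RSA leaf, sha1RSA root

def parse_client_hello(msg):
    """Parse a ClientHello handshake message (type 1) into version, suites, SNI and sigalgs."""
    if msg[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    pos = 2 + 32                                   # legacy_version + random
    pos += 1 + body[pos]                           # session_id (1-byte length)
    cs_len = int.from_bytes(body[pos:pos + 2], "big"); pos += 2
    suites = [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                           # compression_methods
    ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big"); pos += 2
    hello = {"version": tuple(body[:2]), "cipher_suites": suites, "sni": None, "sigalgs": []}
    while pos < ext_end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
        edata = body[pos:pos + elen]; pos += elen
        if etype == 0x0000:                        # server_name: list_len(2) type(1) name_len(2) name
            name_len = int.from_bytes(edata[3:5], "big")
            hello["sni"] = edata[5:5 + name_len].decode("ascii")
        elif etype == 0x000d:                      # signature_algorithms: list_len(2), 2-byte schemes
            n = int.from_bytes(edata[:2], "big")
            hello["sigalgs"] = [int.from_bytes(edata[i:i + 2], "big") for i in range(2, 2 + n, 2)]
    return hello

def unsupported_chain_signatures(offered, chain_schemes):
    """Names of chain signature schemes the client did not offer (empty list = compatible)."""
    return [SIG_SCHEME_NAMES.get(s, hex(s)) for s in chain_schemes if s not in offered]

if __name__ == "__main__":
    hello = parse_client_hello(CLIENT_HELLO)
    print("SNI:", hello["sni"], "| cipher suites offered:", len(hello["cipher_suites"]))
    print("sigalgs offered:", [SIG_SCHEME_NAMES.get(s, hex(s)) for s in hello["sigalgs"]])
    chain = [RSA_PKCS1_SHA256, RSA_PKCS1_SHA1]
    print("rejected under strict RFC 5246 check:", unsupported_chain_signatures(hello["sigalgs"], chain))
    # The -sigalgs rsa_pkcs1_sha256:rsa_pkcs1_sha1 workaround from the comments:
    print("with workaround:", unsupported_chain_signatures([RSA_PKCS1_SHA256, RSA_PKCS1_SHA1], chain))
```

The OpenSSL 3 hello offers 20 schemes and no SHA-1 pair, so the strict check names rsa_pkcs1_sha1 for the root, which is consistent with the z/OS 467 error; supplying the workaround list makes the check pass.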
