Hi,

let's start from the back ;-).

> Oliver: you can probably confirm this by trying to trick GFAL to using your client certificate and not a proxy.

indeed, that works!

> What version is the redirector?

In the logs I provided, both instances ran on the same machine, and both used the 5.0.1 binaries. That was on CentOS 8, i.e. openssl-1.1.1c. However, the earlier tests showing the same issue also covered the combinations:

- Redirector running 4.12.3 with OpenSSL 1.0.2k (CentOS 7), data server running 5.0.1 with OpenSSL 1.0.2k (CentOS 7).
- Both the redirector and data server running 5.0.1 with OpenSSL 1.0.2k (CentOS 7).

Both were affected, too. The error "looked the same", I could of course also try to catch logs, but that would take a bit (would then reproduce in our test setup).

> So, relative to (b) you can test the hypothesis that it's the elliptic ciphers that are causing the problem by including the directive in the R5 server: {{http.cipherfilter ALL:!LOW:!EXP:!MD5:!MD2}}

Since it also happened in the 5.0.1 <=> 5.0.1 combination on a single node with two instances, this is probably nought — I still tried it, but the error remains.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/1276#issuecomment-685769202