We are seeing exactly the same problem. Client Centos7(xrootd5.5.4-1) server Alma9(xrootd5.5.5-1) . update-crypto-policies --set DEFAULT:SHA1 on server and restarting has no effect. xrdcp from Alma 9 client to Alma 9 server works fine. [leech@pplxint11 ~]$ xrdcp -f -d1 xroot://pplxwn021//tmp/zap local_zap2 230525 11:37:45 255389 secgsi_ClientDoCert: could not instantiate session cipher using cipher public info from server [2023-05-25 11:37:45.619578 +0100][Error ][XRootDTransport ] [pplxwn021:1094.0] Auth protocol handler for gsi refuses to give us more credentials Secgsi: ErrParseBuffer: could not instantiate session cipher : kXGS_cert [2023-05-25 11:37:45.619725 +0100][Error ][AsyncSock ] [pplxwn021:1094.0] Socket error while handshaking: [FATAL] Auth failed [2023-05-25 11:37:45.619845 +0100][Error ][PostMaster ] [pplxwn021:1094] elapsed = 1, pConnectionWindow = 120 seconds. [2023-05-25 11:37:45.619895 +0100][Error ][PostMaster ] [pplxwn021:1094] Unable to recover: [FATAL] Auth failed. [2023-05-25 11:37:45.619932 +0100][Error ][XRootD ] [pplxwn021:1094] Impossible to send message kXR_open (file: /tmp/zap, mode: 00, flags: kXR_open_read kXR_async kXR_retstat ). Trying to recover. [0B/0B][100%][==================================================][0B/s] Run: [FATAL] Auth failed: Secgsi: ErrParseBuffer: could not instantiate session cipher : kXGS_cert (source) I'm also willing to test, as this is stalling our upgrade of all systems to Alma 9. Just a thought. Major upgrade to openssl3 on EL9. Lots of legacy stuff has been dropped. Cheers. -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/2014#issuecomment-1562681648 You are receiving this because you are subscribed to this thread. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1