This discusses some additional things you may need o do https://computingforgeeks.com/configure-system-wide-cryptographic-policies/ However, while this should work for RH distribution. It's not at all clear crypto policies will work in the Alma distribution; at least not without somme additional effort. Andy On Thu, 25 May 2023, mike-leech wrote: > We are seeing exactly the same problem. Client Centos7(xrootd5.5.4-1) server Alma9(xrootd5.5.5-1) . > > update-crypto-policies --set DEFAULT:SHA1 on server and restarting has no effect. > > xrdcp from Alma 9 client to Alma 9 server works fine. > > ***@***.*** ~]$ xrdcp -f -d1 xroot://pplxwn021//tmp/zap local_zap2 > 230525 11:37:45 255389 secgsi_ClientDoCert: could not instantiate session cipher using cipher public info from server > [2023-05-25 11:37:45.619578 +0100][Error ][XRootDTransport ] [pplxwn021:1094.0] Auth protocol handler for gsi refuses to give us more credentials Secgsi: ErrParseBuffer: could not instantiate session cipher : kXGS_cert > [2023-05-25 11:37:45.619725 +0100][Error ][AsyncSock ] [pplxwn021:1094.0] Socket error while handshaking: [FATAL] Auth failed > [2023-05-25 11:37:45.619845 +0100][Error ][PostMaster ] [pplxwn021:1094] elapsed = 1, pConnectionWindow = 120 seconds. > [2023-05-25 11:37:45.619895 +0100][Error ][PostMaster ] [pplxwn021:1094] Unable to recover: [FATAL] Auth failed. > [2023-05-25 11:37:45.619932 +0100][Error ][XRootD ] [pplxwn021:1094] Impossible to send message kXR_open (file: /tmp/zap, mode: 00, flags: kXR_open_read kXR_async kXR_retstat ). Trying to recover. > [0B/0B][100%][==================================================][0B/s] > Run: [FATAL] Auth failed: Secgsi: ErrParseBuffer: could not instantiate session cipher : kXGS_cert (source) > > > I'm also willing to test, as this is stalling our upgrade of all systems to Alma 9. > > Just a thought. Major upgrade to openssl3 on EL9. Lots of legacy stuff has been dropped. > > Cheers. > > -- > Reply to this email directly or view it on GitHub: > https://github.com/xrootd/xrootd/issues/2014#issuecomment-1562681648 > You are receiving this because you are subscribed to this thread. > > Message ID: ***@***.***> -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/2014#issuecomment-1563300094 You are receiving this because you are subscribed to this thread. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1