OpenSSL error - unknown certificate type when using SLH-DSA-* certificates #119573

@rzikm

Attempts to use SLH-DSA-* certificates will cause SslStream handshake attempts to fail with

      ---- System.Security.Authentication.AuthenticationException : Authentication failed, see inner exception.
      -------- Interop+OpenSsl+SslException : Using SSL certificate failed with OpenSSL error - unknown certificate type.

The reason seems to be that the OpenSSL common provider does not advertise the SLH-DSA-* signature schemes in its TLS-SIGALG capability:

https://github.com/openssl/openssl/blob/0c679f556669e32499a827a081afe3bcf973c9ad/providers/common/capabilities.c#L315-L320

Since the relevant RFC is still in draft state, this is not unexpected, but until OpenSSL introduces these, it is not going to be possible to use these certs with SslStream.
