[openssl-users] Setting Signature algorithm for Client Hello in openssl.cnf

Sreekanth Sukumaran sreeees at gmail.com
Fri Aug 17 18:04:31 UTC 2018


Hi All,

I am looking for an option in "openssl.cnf" file to control the signature
algorithms supported by an OpenSSL based TLS client application which it
lists in the "Client Hello" message and also the signature algorithm used
for signing the Client "CertificateVerify" message sent to the server for
proof of possession of the client private key

Is there an option to set this in openssl.cnf file?. I searched the man
pages, but did not see a corresponding option.

What i got so far is
-----------------------------------------------------
ssl_conf = ssl_sect

[ssl_sect]


client = client_secion

[client_section]
ClientSignatureAlgorithms=RSA+SHA256

-------------------------------------------------------

Is this supported in conf file? Can somebody help me with this? Thanks.
-- 
Regards,
Sreekanth
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180817/ed9d859c/attachment.html>


More information about the openssl-users mailing list