[openssl-users] Regarding to disable some signature algorithm in client hello message
Matt Caswell
matt at openssl.org
Tue Jun 19 09:41:37 UTC 2018
On 19/06/18 07:16, Devang Kubavat wrote:
> Hi,
>
>
>
> I want to disable the SHA1 hash algorithm in Extension: signature
> algorithm client hello message.
>
>
>
> I have used
>
> /* the signature algorithms list */
>
> const char signAlgo[] = "RSA+SHA256";
>
> (void)SSL_CTX_set1_client_sigalgs_list(ctx, signAlgo);
>
>
>
> But, still client is setting all algorithms. Is there any other way to
> set signature algorithm to SSL_CTX or SSL ?
The function "SSL_CTX_set1_client_sigalgs_list()" is for setting
signature algorithms related to *client authentication*. This is not the
same as the sig algs sent in the ClientHello. For that you need to use
SSL_CTX_set1_sigalgs_list().
Matt
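
One way to confirm the result after switching to SSL_CTX_set1_sigalgs_list(), as an added example that is not part of the original thread or of OpenSSL: a dependency-free C check that walks the extensions block of a ClientHello and counts SHA-1 entries in signature_algorithms (extension type 13). The function name and both sample byte arrays are constructed for illustration, and the restricted sample assumes "RSA+SHA256" yields the single entry rsa_pkcs1_sha256.

```c
#include <stdint.h>
#include <stdio.h>

#define EXT_SIGNATURE_ALGORITHMS 13 /* extension type, RFC 5246 / RFC 8446 */
#define HASH_SHA1 0x02              /* first byte of 0x0201, 0x0202, 0x0203 */

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Walk a ClientHello extensions block (type, length, data, repeated) and
 * count SHA-1 based entries in signature_algorithms.
 * Returns the count, or -1 if the extension is absent or malformed. */
int count_sha1_sigalgs(const uint8_t *exts, size_t len)
{
    size_t off = 0;
    while (len - off >= 4) {
        unsigned type = rd16(exts + off);
        size_t elen = rd16(exts + off + 2);
        off += 4;
        if (elen > len - off)
            return -1;                     /* truncated extension */
        if (type == EXT_SIGNATURE_ALGORITHMS) {
            const uint8_t *d = exts + off;
            int n = 0;
            if (elen < 2 || rd16(d) != elen - 2 || (elen % 2) != 0)
                return -1;                 /* inconsistent list length */
            for (size_t i = 2; i < elen; i += 2)
                if (d[i] == HASH_SHA1)     /* rsa/dsa/ecdsa with SHA-1 */
                    n++;
            return n;
        }
        off += elen;                       /* skip unrelated extension */
    }
    return -1;
}

/* Constructed sample extension blocks, not captured traffic. */
/* Offers rsa_pkcs1_sha256 (0x0401), rsa_pkcs1_sha1 (0x0201), ecdsa_sha1 (0x0203). */
const uint8_t sample_default[] = {
    0x00, 0x17, 0x00, 0x00,                /* extended_master_secret, empty */
    0x00, 0x0d, 0x00, 0x08, 0x00, 0x06, 0x04, 0x01, 0x02, 0x01, 0x02, 0x03 };
/* Offers only rsa_pkcs1_sha256 (assumed result of "RSA+SHA256"). */
const uint8_t sample_restricted[] = {
    0x00, 0x0d, 0x00, 0x04, 0x00, 0x02, 0x04, 0x01 };

int main(void)
{
    printf("default:    %d\n", count_sha1_sigalgs(sample_default, sizeof sample_default));
    printf("restricted: %d\n", count_sha1_sigalgs(sample_restricted, sizeof sample_restricted));
    return 0;
}
```

The input is the extensions vector without its own two-byte length prefix, as copied from a packet capture of the handshake.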