[openssl-users] Unexpected behaviors in TLS handshake

Matt Caswell matt at openssl.org
Wed Jun 20 08:55:56 UTC 2018



On 20/06/18 09:44, Devang Kubavat wrote:
> Hi all,
> 
> I set the signature algorithm in the client using:
> 
> /* signature algorithm list */
> 
> (void)SSL_CTX_set1_client_sigalgs_list(ctx, "RSA+SHA512");
> 
> Expected behavior: the client only accepts a server certificate which has
> signature algorithm SHA512withRSAencryption during the TLS handshake.
> 
> But here, even though I set the "RSA+SHA512" signature algorithm, the client
> is still accepting the server certificate which has signature algorithm
> SHA256withRSAencryption. Why?

As I said in reply to your other post:

"The function "SSL_CTX_set1_client_sigalgs_list()" is for setting
signature algorithms related to *client authentication*. This is not the
same as the sig algs sent in the ClientHello. For that you need to use
SSL_CTX_set1_sigalgs_list()."

Matt
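
To check which list a client really advertises, the signature_algorithms extension body from a captured ClientHello can be decoded back into OpenSSL's list notation. This is an added example, not part of the original thread or OpenSSL's own code; it assumes the TLS 1.2 encoding from RFC 5246, and `decode_sigalgs` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TLS 1.2 code points, RFC 5246 section 7.4.1.4.1. */
static const char *const HASHES[] = {"none", "MD5", "SHA1", "SHA224",
                                     "SHA256", "SHA384", "SHA512"};
static const char *const SIGS[] = {"anonymous", "RSA", "DSA", "ECDSA"};

/* Hypothetical helper: decode a signature_algorithms extension body (2-byte
 * big-endian length, then (hash, signature) byte pairs) into OpenSSL-style
 * "RSA+SHA512:ECDSA+SHA256" text. Returns the pair count, or -1 on error. */
int decode_sigalgs(const uint8_t *ext, size_t len, char *out, size_t outlen)
{
    size_t used = 0;
    int count = 0;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (ext == NULL || len < 4)
        return -1;
    size_t list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len != len - 2 || list_len % 2 != 0)
        return -1; /* length prefix disagrees with the body, or odd size */
    for (size_t i = 2; i < len; i += 2, count++) {
        const char *sep = count ? ":" : "";
        uint8_t h = ext[i], s = ext[i + 1];
        int n;
        if (h < 7 && s < 4)
            n = snprintf(out + used, outlen - used, "%s%s+%s", sep, SIGS[s], HASHES[h]);
        else /* not a TLS 1.2 pair: print the raw code point */
            n = snprintf(out + used, outlen - used, "%s0x%02x%02x", sep, h, s);
        if (n < 0 || (size_t)n >= outlen - used)
            return -1; /* output buffer too small */
        used += (size_t)n;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: the single pair RSA+SHA512 (hash 6, signature 1). */
    static const uint8_t sample[] = {0x00, 0x02, 0x06, 0x01};
    char buf[64];
    int n = decode_sigalgs(sample, sizeof sample, buf, sizeof buf);
    printf("%d pair(s): %s\n", n, buf);
    return n == 1 && strcmp(buf, "RSA+SHA512") == 0 ? 0 : 1;
}
```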

