[openssl-users] Unexpected behaviors in TLS handshake
Devang Kubavat
digant.kubavat at gmail.com
Wed Jun 20 13:51:54 UTC 2018
Hi Matt,
Thanks for reply.
I also used both functions, SSL_CTX_set1_sigalgs_list() and
SSL_CTX_set1_client_sigalgs_list(),
but the same thing happens.
I set "RSA+SHA512" on the client side using SSL_CTX_set1_sigalgs_list(), but it is still accepting a server certificate which has signature algorithm SHA256withRSAencryption.
Best Regards,
Devang
Sent from my iPhone
> On 20-Jun-2018, at 2:25 PM, Matt Caswell <matt at openssl.org> wrote:
>
>> On 20/06/18 09:44, Devang Kubavat wrote:
>> Hi all,
>>
>> I set the signature algorithm in the client using:
>>
>> /* signature algorithm list */
>>
>> (void)SSL_CTX_set1_client_sigalgs_list(ctx, "RSA+SHA512");
>>
>>
>> Expected behavior: the client only accepts a server certificate which has
>> signature algorithm SHA512withRSAencryption during the TLS handshake.
>>
>> But here, even though I set the "RSA+SHA512" signature algorithm, the client
>> is still accepting the server certificate which has signature algorithm
>> SHA256withRSAencryption. Why?
>
> As I said in reply to your other post:
>
> "The function "SSL_CTX_set1_client_sigalgs_list()" is for setting
> signature algorithms related to *client authentication*. This is not the
> same as the sig algs sent in the ClientHello. For that you need to use
> SSL_CTX_set1_sigalgs_list()."
>
> Matt
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users