redondance signature algorithm listed in client hello
Jared Huang
jared.fu at gmail.com
Wed Sep 21 06:04:19 UTC 2022
I noted there is a typo at "rsa_pkcs1_sha5256".
Fix this typo, SSL_CTX_set1_sigalgs_list works as expected.
Jared Huang <jared.fu at gmail.com> 於 2022年9月20日 週二 下午5:34寫道:
> Hello,
>
>
>
> I’m using SSL_CTX_set1_sigalgs_list to set my favorite signature algorithm.
>
> But there is more algorithm listed on client hello message than I desired.
>
>
>
> I defined a list
>
> #define TLS_PREFER_SIGNATURE "rsa_pss_rsae_sha256:" \
>
> "rsa_pss_rsae_sha384:" \
>
> "rsa_pss_rsae_sha512:" \
>
> "rsa_pss_pss_sha256:" \
>
> "rsa_pss_pss_sha384:" \
>
> "rsa_pss_pss_sha512:" \
>
> "ecdsa_secp256r1_sha256:" \
>
> "ecdsa_secp384r1_sha384:" \
>
> "ecdsa_secp521r1_sha512:" \
>
> "rsa_pkcs1_sha256:" \
>
> "rsa_pkcs1_sha384:" \
>
> "rsa_pkcs1_sha5256" \
>
>
>
> Then, use SSL_CTX_set1_sigalgs_list(pCtx, TLS_PREFER_SIGNATURE ) to
> customize signature algorithm.
>
> But in client hello, the signature algorithm has more than I listed.
>
> Signature Hash Algorithms (23 algorithms)
>
> Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
>
> Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
>
> Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
>
> Signature Algorithm: ed25519 (0x0807)
>
> Signature Algorithm: ed448 (0x0808)
>
> Signature Algorithm: rsa_pss_pss_sha256 (0x0809)
>
> Signature Algorithm: rsa_pss_pss_sha384 (0x080a)
>
> Signature Algorithm: rsa_pss_pss_sha512 (0x080b)
>
> Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
>
> Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
>
> Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
>
> Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
>
> Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
>
> Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
>
> Signature Algorithm: SHA224 ECDSA (0x0303)
>
> Signature Algorithm: ecdsa_sha1 (0x0203)
>
> Signature Algorithm: SHA224 RSA (0x0301)
>
> Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
>
> Signature Algorithm: SHA224 DSA (0x0302)
>
> Signature Algorithm: SHA1 DSA (0x0202)
>
> Signature Algorithm: SHA256 DSA (0x0402)
>
> Signature Algorithm: SHA384 DSA (0x0502)
>
> Signature Algorithm: SHA512 DSA (0x0602)
>
>
> Do I make any mistake ? How do i remove SHA+DSA, and others?
>
>
> Thanks
>
> --
> Sincerely,
> Jared
>
>
--
Sincerely,
Jared 黃清富
Mobile: 0932-945-823
E-Mail: jared.fu at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220921/5381492d/attachment.htm>
More information about the openssl-users
mailing list