[openssl-dev] [openssl.org #4496] [PATCH] ssl_cert: use the recommended minimum hash from RFC 5480 for EC

Hubert Kario hkario at redhat.com
Wed Jun 8 10:25:51 UTC 2016


On Tuesday 07 June 2016 19:22:00 Matt Caswell via RT wrote:
> On Sat Apr 02 14:05:50 2016, sebastian at breakpoint.cc wrote:
> > A TLS1.2 connection with openssl server and gnutls-cli using a
> > SECP384R1
> > key ends up with SHA256 as the hash algorithm for signing the key
> > exchange.
> > This is because gnutls sends the hash algorithms from weak to strong
> > and by default client's preference is used.
> > 
> > gnutls complains about this situation:
> > |<1>| The hash size used in signature (32) is less than the expected
> > (48)

It complains, but does it abort the connection?
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
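
Added example (not part of the original message, and not OpenSSL or GnuTLS code): a small C model of the hash selection described in the quoted report, comparing "client's first preference" with a choice that respects the RFC 5480 minimum for the key size. Digest sizes stand in for hash identifiers; the offer list, the function names and the fallback rule are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Digest sizes in bytes stand in for TLS 1.2 hash identifiers (model only). */
enum { H_SHA1 = 20, H_SHA224 = 28, H_SHA256 = 32, H_SHA384 = 48, H_SHA512 = 64 };

/* Constructed client offer, ordered weak to strong as the report describes. */
const int SAMPLE_OFFER[] = { H_SHA256, H_SHA384, H_SHA512 };
const size_t SAMPLE_OFFER_LEN = sizeof SAMPLE_OFFER / sizeof SAMPLE_OFFER[0];

/* RFC 5480 section 4: recommended minimum digest for an ECDSA key size. */
int rfc5480_min_hash(int key_bits)
{
    if (key_bits < 224) return H_SHA1;
    if (key_bits < 256) return H_SHA224;
    if (key_bits < 384) return H_SHA256;
    if (key_bits < 512) return H_SHA384;
    return H_SHA512;
}

/* Reported behaviour: the client's first preference wins
 * (the server is assumed to support every offered hash). */
int pick_client_order(const int *offer, size_t n)
{
    return n ? offer[0] : 0;
}

/* First offered hash meeting the minimum; otherwise the strongest offered
 * (this fallback is an assumption of the sketch). */
int pick_with_minimum(const int *offer, size_t n, int key_bits)
{
    int min = rfc5480_min_hash(key_bits), best = 0;
    for (size_t i = 0; i < n; i++) {
        if (offer[i] >= min) return offer[i];
        if (offer[i] > best) best = offer[i];
    }
    return best;
}

int main(void)
{
    int a = pick_client_order(SAMPLE_OFFER, SAMPLE_OFFER_LEN);
    int b = pick_with_minimum(SAMPLE_OFFER, SAMPLE_OFFER_LEN, 384);
    printf("client order: %d bytes, expected >= %d\n", a, rfc5480_min_hash(384));
    printf("with minimum: %d bytes\n", b);
    return 0;
}
```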