[openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512

Dr. Stephen Henson steve at openssl.org
Sun Jul 17 16:05:35 UTC 2016

On Sun, Jul 17, 2016, Abhilash K.V wrote:

> I am trying to generate a CSR using EC and wanted to have signature
> algorithm as ???ecdsa-with-SHA512???.
> But in the generated csr I am getting signature algorithms as ???Signature
> Algorithm: ecdsa-with-SHA1??? always.
>     if (!X509_REQ_sign(req, privkey, EVP_ecdsa())) {

Don't use EVP_ecdsa() it is an old "linked digest" which uses SHA1 and is only
retained for compatibility with old code. Use EVP_sha512() instead.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list