[openssl-users] TLS 1.3 handshake: Limit signature algorithm?

Matt Caswell matt at openssl.org
Thu Nov 2 10:45:26 UTC 2017



On 02/11/17 10:32, Christian Heimes wrote:
> However this trick will not work with TLS 1.3. The new TLS 1.3 cipher
> suites no longer specify authentication algorithm or key
> agreement/exchange. TLS 1.3 RFC specifies a signature_algorithms
> extension [5]. I could not find any API call in OpenSSL master to set
> the extension for TLS 1.3 handshakes.

Probably you want to look at these functions:

https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_sigalgs.html

Matt


More information about the openssl-users mailing list