[openssl-users] Why is this OCSP response reporting a hash using SHA1?

Salz, Rich rsalz at akamai.com
Mon Sep 11 16:23:06 UTC 2017

    Ah, put -sha256 in the CLIENT request. Seems kind of backward. Or at
    least the server should have some control over the hash used?

Well, it is the client that is making the request, so therefore the client needs to hash the cert information.

A production-quality OCSP responder might have configuration controls to specify which type of digests it wants to see in the request.  As with most of the OpenSSL command-line interface, it’s not a product.
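
Added example, not part of the original message: the script below builds OCSP requests with the openssl ocsp client and reads the CertID fields back from the request text, showing that the client picks the hash (SHA-1 by default, SHA-256 with -sha256). The CA, the leaf certificate and the function names are constructed for this illustration.

```bash
#!/usr/bin/env bash
# Constructed throwaway PKI; everything runs offline, no responder is contacted.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_test_pki() {
  # Self-signed test CA (constructed name).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  # Leaf certificate issued by that CA (constructed name).
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=leaf.example.test" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$WORK/leaf.csr" \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/leaf.pem" 2>/dev/null
}

# certid_field FIELD [DIGEST_FLAG]
# Builds a request for the leaf and prints one CertID field from -req_text.
# The digest flag must come before -cert: it applies to the certificate
# identifiers that follow it on the command line.
certid_field() {
  field=$1
  digest=${2:-}
  openssl ocsp ${digest:+"$digest"} \
    -issuer "$WORK/ca.pem" -cert "$WORK/leaf.pem" \
    -no_nonce -req_text 2>/dev/null |
    awk -F': *' -v f="$field" '$0 ~ f { print $2; exit }'
}

make_test_pki

echo "default : $(certid_field 'Hash Algorithm')" \
     "name hash $(certid_field 'Issuer Name Hash')"
echo "-sha256 : $(certid_field 'Hash Algorithm' -sha256)" \
     "name hash $(certid_field 'Issuer Name Hash' -sha256)"
```

The issuer name hash and issuer key hash in the request are computed by the client with the digest it chose, which is why their length changes with the flag.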

