[openssl-users] Regarding to disable some signature algorithm in client hello message

Srivalli Kuppa (srikuppa) srikuppa at cisco.com
Tue Jun 19 17:54:10 UTC 2018

I tried to modify " tls12_sigalgs" list under t1_lib.c in OpenSSL 1.0.2x version to restrict a bunch of signature algorithms from being proposed during Client hello message.
That did work.


On 6/19/18, 5:36 AM, "openssl-users on behalf of murugesh pitchaiah" <openssl-users-bounces at openssl.org on behalf of murugesh.pitchaiah at gmail.com> wrote:

    SSL_CTX_set1_client_sigalgs_list - is the correct method for this purpose.
    Just try for checking return value of this function. On failure it returns 0.
    Also try SSL_CTX_set1_client_sigalgs_list (ctx,  "RSA+SHA256");
    Murugesh P.
    On 6/19/18, Devang Kubavat <devang.kubavat at in.abb.com> wrote:
    > Hi,
    > I want to disable the SHA1 hash algorithm in Extension: signature algorithm
    > client hello message.
    > [cid:image003.jpg at 01D407C3.1A227530]
    > I have used
    >       /* the signature algorithms list */
    >       const char signAlgo[] = "RSA+SHA256";
    >       (void)SSL_CTX_set1_client_sigalgs_list(ctx, signAlgo);
    > But, still client is setting all algorithms. Is there any other way to set
    > signature algorithm to SSL_CTX or SSL ?
    > Best Regards,
    > Devang
    openssl-users mailing list
    To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list