[openssl-users] Unexpected behaviors in TLS handshake

Devang Kubavat digant.kubavat at gmail.com
Wed Jun 20 13:51:54 UTC 2018


Hi Matt, 
Thanks for the reply. 

I also tried both functions, SSL_CTX_set1_sigalgs_list() and 
SSL_CTX_set1_client_sigalgs_list(), 
but the same thing happens. 
I set “RSA+SHA512” on the client side using SSL_CTX_set1_sigalgs_list(), but it is still accepting the server certificate, which has signature algorithm SHA256withRSAencryption. 

Best Regards, 
Devang


> On 20-Jun-2018, at 2:25 PM, Matt Caswell <matt at openssl.org> wrote:
> 
> 
> 
>> On 20/06/18 09:44, Devang Kubavat wrote:
>> Hi all,
>> 
>> I set the signature algorithm in the client using:
>> 
>> /* signature algorithm list */
>> 
>> (void)SSL_CTX_set1_client_sigalgs_list(ctx, "RSA+SHA512");
>> 
>>  
>> 
>> Expected behavior: client only accepts server certificate which has
>> signature algorithm SHA512withRSAencryption during TLS handshake.
>> 
>>  
>> 
>> But even though I set the “RSA+SHA512” signature algorithm, the client is
>> still accepting the server certificate, which has signature algorithm
>> SHA256withRSAencryption. Why?
> 
> As I said in reply to your other post:
> 
> "The function "SSL_CTX_set1_client_sigalgs_list()" is for setting
> signature algorithms related to *client authentication*. This is not the
> same as the sig algs sent in the ClientHello. For that you need to use
> SSL_CTX_set1_sigalgs_list()."
> 
> Matt

