Testing TLS 1.0 with OpenSSL master
Matt Caswell
matt at openssl.org
Tue Aug 18 16:49:32 UTC 2020
On 17/08/2020 18:55, John Baldwin wrote:
> 1) Is 'auth_level' supposed to work for this? The CHANGES.md change
> references SSL_CTX_set_security_level and openssl(1) claims that
> '-auth_level' changes this? Is the CHANGES.md entry wrong and only
> SECLEVEL=0 for the ciphers work by design?
openssl(1) says this about auth_level:
"Set the certificate chain authentication security level to I<level>.
The authentication security level determines the acceptable signature
and public key strength when verifying certificate chains."
However, the problem you are seeing is about *handshake* signatures
using SHA1 - so auth_level is not appropriate.
>
> 2) The hang when using a 'master' client seems like a regression?
>
Fix for this issue here:
https://github.com/openssl/openssl/pull/12670
Matt
More information about the openssl-users
mailing list