Testing TLS 1.0 with OpenSSL master

Matt Caswell matt at openssl.org
Tue Aug 18 16:49:32 UTC 2020



On 17/08/2020 18:55, John Baldwin wrote:
> 1) Is 'auth_level' supposed to work for this?  The CHANGES.md change
>    references SSL_CTX_set_security_level and openssl(1) claims that
>    '-auth_level' changes this?  Is the CHANGES.md entry wrong and only
>    SECLEVEL=0 for the ciphers work by design?

openssl(1) says this about auth_level:

"Set the certificate chain authentication security level to I<level>.
The authentication security level determines the acceptable signature
and public key strength when verifying certificate chains."

However, the problem you are seeing is about *handshake* signatures
using SHA1 - so auth_level is not appropriate.


> 
> 2) The hang when using a 'master' client seems like a regression?
> 

Fix for this issue here:

https://github.com/openssl/openssl/pull/12670

Matt


