Testing TLS 1.0 with OpenSSL master
jhb at FreeBSD.org
Mon Aug 24 20:38:41 UTC 2020
On 8/18/20 9:49 AM, Matt Caswell wrote:
> On 17/08/2020 18:55, John Baldwin wrote:
>> 1) Is 'auth_level' supposed to work for this? The CHANGES.md change
>> references SSL_CTX_set_security_level and openssl(1) claims that
>> '-auth_level' changes this? Is the CHANGES.md entry wrong and only
>> SECLEVEL=0 for the ciphers works by design?
> openssl(1) says this about auth_level:
> "Set the certificate chain authentication security level to I<level>.
> The authentication security level determines the acceptable signature
> and public key strength when verifying certificate chains."
> However, the problem you are seeing is about *handshake* signatures
> using SHA1 - so auth_level is not appropriate.

I think what I found confusing is that later in the text it says this:
"See SSL_CTX_set_security_level(3) for the definitions of the available
so I had assumed it was calling that function.

>> 2) The hang when using a 'master' client seems like a regression?
> Fix for this issue here: