Testing TLS 1.0 with OpenSSL master
John Baldwin
jhb at FreeBSD.org
Mon Aug 24 20:38:41 UTC 2020
On 8/18/20 9:49 AM, Matt Caswell wrote:
>
>
> On 17/08/2020 18:55, John Baldwin wrote:
>> 1) Is 'auth_level' supposed to work for this? The CHANGES.md change
>> references SSL_CTX_set_security_level and openssl(1) claims that
>> '-auth_level' changes this? Is the CHANGES.md entry wrong and only
>> SECLEVEL=0 for the ciphers work by design?
>
> openssl(1) says this about auth_level:
>
> "Set the certificate chain authentication security level to I<level>.
> The authentication security level determines the acceptable signature
> and public key strength when verifying certificate chains."
>
> However, the problem you are seeing is about *handshake* signatures
> using SHA1 - so auth_level is not appropriate.

I think what I found confusing is that later in the text it says this:

"See SSL_CTX_set_security_level(3) for the definitions of the available
levels."

so I had assumed it was calling that function.

>> 2) The hang when using a 'master' client seems like a regression?
>>
>
> Fix for this issue here:
>
> https://github.com/openssl/openssl/pull/12670

Thanks!

--
John Baldwin