OCSP response signature algorithm

John Jiang john.sha.jiang at gmail.com
Sun Jul 5 22:15:30 UTC 2020

I just want to know how does OpenSSL implement RFC 6960 section
Responder Signature Algorithm Selection.

Could I take a OpenSSL responder to use SHA1withRSA signature algorithm
if the certificate is signed by this algorithm?

[1] https://tools.ietf.org/html/rfc6960#section-

On Sat, Jul 4, 2020 at 12:18 AM John Jiang <john.sha.jiang at gmail.com> wrote:

> Hi,
> I'm using OpenSSL 1.1.1.
> Can I configure the OCSP response signature algorithm?
> For a RSA issuer, it looks SHA256withRSA always be selected.
> PreferredSignatureAlgorithms extension in OCSP request may affect this
> algorithm in OpenSSL OCSP response. However, I prefer to use configuration.
> Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200706/8a2d027a/attachment-0001.html>

More information about the openssl-users mailing list