OCSP response signature algorithm

John Jiang john.sha.jiang at gmail.com
Thu Jul 9 22:07:51 UTC 2020

I just got the OpenSSL ocsp tool option -rmd for specifying the digest
algorithm in signature.

This option is described at the below page,

Just out of curiosity, why isn't it at the following man page?
Though this option is supported by 1.1.1 series.

On Mon, Jul 6, 2020 at 6:15 AM John Jiang <john.sha.jiang at gmail.com> wrote:

> I just want to know how does OpenSSL implement RFC 6960 section
> Responder Signature Algorithm Selection.
> Could I take a OpenSSL responder to use SHA1withRSA signature algorithm
> if the certificate is signed by this algorithm?
> [1] https://tools.ietf.org/html/rfc6960#section-
> On Sat, Jul 4, 2020 at 12:18 AM John Jiang <john.sha.jiang at gmail.com>
> wrote:
>> Hi,
>> I'm using OpenSSL 1.1.1.
>> Can I configure the OCSP response signature algorithm?
>> For a RSA issuer, it looks SHA256withRSA always be selected.
>> PreferredSignatureAlgorithms extension in OCSP request may affect this
>> algorithm in OpenSSL OCSP response. However, I prefer to use configuration.
>> Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200710/4c106b7a/attachment.html>

More information about the openssl-users mailing list