In Openssl 1.1.1a, how can I force the TLS1.2 user to use the "rsa_pkcs_sha512" signature algorithm? Many thanks in advance.

Thu Aug 12 12:38:11 UTC 2021

On Tuesday, 10 August 2021 22:48:58 CEST, Ma Zhenhua wrote:
> Hi team,
>
> In Openssl 1.1.1a, how can I force the TLS1.2 user to use the 
> "rsa_pkcs_sha512" signature algorithm? Many thanks in advance.

openssl s_client -sigalgs RSA+SHA512
or 
SSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA512");

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic