<div dir="ltr">I noted there is a typo at 

<span style="font-family:Calibri,sans-serif;font-size:16px">"rsa_pkcs1_sha5256".</span><div><font face="Calibri, sans-serif"><span style="font-size:16px">After fixing this typo, </span></font><span style="font-family:Calibri,sans-serif;font-size:16px">SSL_CTX_set1_sigalgs_list works as expected.</span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Jared Huang &lt;<a href="mailto:jared.fu@gmail.com">jared.fu@gmail.com</a>&gt; wrote on Tue, Sep 20, 2022 at 5:34 PM:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">Hello,</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US"> </span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">I’m using SSL_CTX_set1_sigalgs_list to set my favorite signature algorithms.</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">But there are more algorithms listed in the Client Hello message than I desired.</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US"> </span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">I defined a list</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">#define TLS_PREFER_SIGNATURE    "rsa_pss_rsae_sha256:" \</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">                                "rsa_pss_rsae_sha384:" \</span></p><p class="MsoNormal" style="margin:0cm 0cm 
0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">                                "rsa_pss_rsae_sha512:" \</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">                                "rsa_pss_pss_sha256:" \</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">                                "rsa_pss_pss_sha384:" \</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">                                "rsa_pss_pss_sha512:" \</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">                                "ecdsa_secp256r1_sha256:" \</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">                                "ecdsa_secp384r1_sha384:" \</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">                                "ecdsa_secp521r1_sha512:" \</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">                                "rsa_pkcs1_sha256:" \</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">                                "rsa_pkcs1_sha384:" \</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">                                "rsa_pkcs1_sha5256" \</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US"> </span></p><p class="MsoNormal" style="margin:0cm 0cm 
0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">Then, I use SSL_CTX_set1_sigalgs_list(pCtx, TLS_PREFER_SIGNATURE) to customize the signature algorithms.</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">But in the Client Hello, there are more signature algorithms than I listed.</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">Signature Hash Algorithms (23 algorithms)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: ed25519 (0x0807)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: ed448 (0x0808)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: rsa_pss_pss_sha256 (0x0809)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: rsa_pss_pss_sha384 (0x080a)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: rsa_pss_pss_sha512 (0x080b)</span></p><p 
class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: rsa_pkcs1_sha256 (0x0401)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: rsa_pkcs1_sha384 (0x0501)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: rsa_pkcs1_sha512 (0x0601)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: SHA224 ECDSA (0x0303)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: ecdsa_sha1 (0x0203)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: SHA224 RSA (0x0301)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: rsa_pkcs1_sha1 (0x0201)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: SHA224 DSA (0x0302)</span></p><p class="MsoNormal" style="margin:0cm 0cm 
0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: SHA1 DSA (0x0202)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: SHA256 DSA (0x0402)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: SHA384 DSA (0x0502)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US">    Signature Algorithm: SHA512 DSA (0x0602)</span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span lang="EN-US"><br></span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif">Did I make any mistake? How do I remove SHA+DSA and the others?</p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><br></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif">Thanks</p><div><br></div>-- <br><div dir="ltr"><div dir="ltr">Sincerely,<br>Jared<br><br></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>Sincerely,<br>Jared 黃清富<br>Mobile: 0932-945-823<br>E-Mail: <a href="mailto:jared.fu@gmail.com" target="_blank">jared.fu@gmail.com</a></div></div></div>
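An added example, not part of the original messages: a pre-flight check in C that locates the malformed token in the thread's list before the string is handed to SSL_CTX_set1_sigalgs_list, whose return value should still be checked. The allowlist KNOWN_SIGALGS and the names first_bad_sigalg, POSTED_LIST and FIXED_LIST are hypothetical, built from the algorithm names shown in the thread rather than from OpenSSL's own table.

```c
#include <stdio.h>
#include <string.h>

/* Constructed allowlist: the sigalg names that appear in this thread.
 * It is an assumption for the example, not OpenSSL's internal table. */
static const char *const KNOWN_SIGALGS[] = {
    "rsa_pss_rsae_sha256", "rsa_pss_rsae_sha384", "rsa_pss_rsae_sha512",
    "rsa_pss_pss_sha256", "rsa_pss_pss_sha384", "rsa_pss_pss_sha512",
    "ecdsa_secp256r1_sha256", "ecdsa_secp384r1_sha384",
    "ecdsa_secp521r1_sha512", "rsa_pkcs1_sha256", "rsa_pkcs1_sha384",
    "rsa_pkcs1_sha512", "ed25519", "ed448",
};

/* The list exactly as posted (with the typo) and the corrected list. */
#define RSA_EC "rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:" \
               "rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:" \
               "ecdsa_secp256r1_sha256:ecdsa_secp384r1_sha384:" \
               "ecdsa_secp521r1_sha512:rsa_pkcs1_sha256:rsa_pkcs1_sha384:"
#define POSTED_LIST RSA_EC "rsa_pkcs1_sha5256"
#define FIXED_LIST  RSA_EC "rsa_pkcs1_sha512"

static int is_known(const char *tok, size_t len) {
    for (size_t i = 0; i < sizeof KNOWN_SIGALGS / sizeof *KNOWN_SIGALGS; i++)
        if (strlen(KNOWN_SIGALGS[i]) == len && !memcmp(KNOWN_SIGALGS[i], tok, len))
            return 1;
    return 0;
}

/* Returns 0 if every ':'-separated token is known, else the 1-based index
 * of the first unknown or empty token, which is copied into bad[]. */
int first_bad_sigalg(const char *list, char *bad, size_t badsz) {
    for (int idx = 1; ; idx++) {
        size_t len = strcspn(list, ":");
        if (len == 0 || !is_known(list, len)) {
            snprintf(bad, badsz, "%.*s", (int)len, list);
            return idx;
        }
        if (list[len] == '\0')
            return 0;
        list += len + 1;
    }
}

int main(void) {
    char bad[64];
    int pos = first_bad_sigalg(POSTED_LIST, bad, sizeof bad);
    printf("posted: token %d \"%s\" is not a known name\n", pos, bad);
    printf("fixed:  %d\n", first_bad_sigalg(FIXED_LIST, bad, sizeof bad));
    return 0;
}
```
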