projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use better defaults for TSA.
[openssl.git] / apps / openssl.cnf
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 473c884514df7a614d753970463cec9db7ba213b..53c4bef04481f40ab70e7c2cec9eee45357ff05b 100644 (file)
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -335,11 +335,11 @@ signer_cert       = $dir/tsacert.pem      # The TSA signing certificate
 certs          = $dir/cacert.pem       # Certificate chain to include in reply
                                        # (optional)
 signer_key     = $dir/private/tsakey.pem # The TSA private key (optional)
-signer_digest  = sha1                  # Signing digest to use. (Optional)
+signer_digest  = sha256                        # Signing digest to use. (Optional)
 default_policy = tsa_policy1           # Policy if request did not specify it
                                        # (optional)
 other_policies = tsa_policy2, tsa_policy3      # acceptable policies (optional)
-digests                = md5, sha1             # Acceptable message digests (mandatory)
+digests     = sha1, sha256, sha384, sha512  # Acceptable message digests (mandatory)
 accuracy       = secs:1, millisecs:500, microsecs:100  # (optional)
 clock_precision_digits  = 0    # number of digits after dot. (optional)
 ordering               = yes   # Is ordering defined for timestamps?
Unnamed repository; edit this file 'description' to name the repository.