Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and
NID_sha512 digest NIDs are supported and the public key algorithm NIDs
-EVP_PKEY_RSA, EVP_PKEY_DSA and EVP_PKEY_EC.
+EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_DSA and EVP_PKEY_EC.
The short or long name values for digests can be used in a string (for
example "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512") and
-the public key algorithm strings "RSA", "DSA" or "ECDSA".
+the public key algorithm strings "RSA", "RSA-PSS", "DSA" or "ECDSA".
+
+The TLS 1.3 signature scheme names (such as "rsa_pss_sha256") can also
+be used.
The use of MD5 as a digest is strongly discouraged due to security weaknesses.
Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA
using an array:
- const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA};
+ const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA};
- SSL_CTX_set1_sigalgs(ctx, slist, 4);
+ SSL_CTX_set1_sigalgs(ctx, slist, 4);
Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA
using a string:
- SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256");
+ SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256");
=head1 RETURN VALUES