projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5fd72d9) | patch
Check that the default signature type is allowed
authorKurt Roeckx <kurt@roeckx.be>
Thu, 2 Jan 2020 21:53:32 +0000 (22:53 +0100)
committerKurt Roeckx <kurt@roeckx.be>
Sat, 25 Jan 2020 13:10:40 +0000 (14:10 +0100)
commitb0031e5dc2c8c99a6c04bc7625aa00d3d20a59a5
treeda10e34e905255c2db09f07aa8bd321e52c1a45etree | snapshot
parent5fd72d96a592c3c4ef28ff11c6ef334a856b0cd1commit | diff
Check that the default signature type is allowed

TLS < 1.2 has fixed signature algorithms: MD5+SHA1 for RSA and SHA1 for the
others. TLS 1.2 sends a list of supported ciphers, but allows not sending
it in which case SHA1 is used. TLS 1.3 makes sending the list mandatory.

When we didn't receive a list from the client, we always used the
defaults without checking that they are allowed by the configuration.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #10784
ssl/ssl_local.h diff | blob | history
ssl/t1_lib.c diff | blob | history
test/recipes/70-test_sslsigalgs.t diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.