Hello Erwann,
Merci beaucoup! It has worked but with "-sigalgs RSA+SHA256" instead of "sigalgs SHA256+RSA" Finding this option was driving me crazy because I could not find it in the wiki page of s_server: https://wiki.openssl.org/index.php/Manual:S_server(1) Manual:S server(1) - OpenSSLWiki<https://wiki.openssl.org/index.php/Manual:S_server(1)> wiki.openssl.org NAME. s_server - SSL/TLS server program SYNOPSIS. openssl s_server [-accept port] [-naccept count] [-context id] [-verify depth] [-Verify depth] [-crl_check] [-crl ... ________________________________ De: openssl-users <openssl-users-boun...@openssl.org> en nombre de Erwann Abalea <erwann.aba...@docusign.com> Enviado: lunes, 12 de junio de 2017 10:42 Para: openssl-users@openssl.org Asunto: Re: [openssl-users] Understanding RSA_sign and type argument Bonjour, Add « -sigalgs SHA256+RSA » to one of your command lines. Cordialement, Erwann Abalea Le 9 juin 2017 à 09:45, Ignacio Alamo Corsino <nacao2...@hotmail.com<mailto:nacao2...@hotmail.com>> a écrit : Hello everyone, i am having some issues understanding the RSA_sign function: RSA_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, RSA *rsa); As far as I know, the signing is a four step process: - Calculate hash with digest algorithm <type> (given as argument to this function -> m) - Encapsulate hash in a DigestInfo structure (X509_SIG) - Structure padding (in RSA_private_encrypt) - Private key operation on this padded structure (in RSA_private_encrypt) Is that correct? So, during the TLS handshake, the RSA_sign function is called in the CertificateVerify step. For my tests, everytime this function is called, the hashing type is SHA512 even though I specify to use a SHA256 hash. These are the commands that I use to test TLS: #openssl s_server -accept 443 -cert cert.pem -key key.pem -Verify 1 -msg -debug -cipher eNULL:aRSA:!SHA512:SHA256 -serverpref #openssl s_client -connect localhost:443 -cert client_cert.pem -key client.key -state -cipher eNULL:aRSA:!SHA512:SHA256 How can I force TLS to use a SHA256 digest for DH? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users