On Mon, Mar 21, 2022 at 12:12:11AM +0100, Sebastian Andrzej Siewior wrote:
>
> The change in openssl is commit
>    cc7c6eb8135b ("Check that the default signature type is allowed")

So that's:
commit cc7c6eb8135be665d0acc176a5963e1eaf52e4e2
Author: Kurt Roeckx <k...@roeckx.be>
Date:   Thu Jan 2 22:53:32 2020 +0100

    Check that the default signature type is allowed

    TLS < 1.2 has fixed signature algorithms: MD5+SHA1 for RSA and SHA1 for the
    others. TLS 1.2 sends a list of supported ciphers, but allows not sending
    it in which case SHA1 is used. TLS 1.3 makes sending the list mandatory.

    When we didn't receive a list from the client, we always used the
    defaults without checking that they are allowed by the configuration.

    Reviewed-by: Paul Dale <paul.d...@oracle.com>
    GH: #10784
    (cherry picked from commit b0031e5dc2c8c99a6c04bc7625aa00d3d20a59a5)


Kurt
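
Added example, not part of the original message and not OpenSSL's code: a Python sketch that parses a ClientHello handshake message for the signature_algorithms extension (type 13) and, when it is absent, checks the TLS 1.2 implicit SHA1 default against an allowed set, as the commit message describes. The function names, the constructed ClientHello bytes and the "first allowed candidate" selection order are assumptions made for illustration.

```python
import struct

SIG_ALGS_EXT = 13  # signature_algorithms extension type
# TLS 1.2 implicit default when the extension is absent: SHA1 + key type
SHA1_DEFAULT = {"rsa": 0x0201, "dsa": 0x0202, "ecdsa": 0x0203}

def build_client_hello(sig_algs=None):
    """Constructed sample: minimal TLS 1.2 ClientHello handshake message."""
    body = b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session_id
    body += b"\x00\x02\xc0\x2f" + b"\x01\x00"     # one cipher suite, null compression
    if sig_algs is not None:
        lst = b"".join(struct.pack("!H", s) for s in sig_algs)
        ext = struct.pack("!HHH", SIG_ALGS_EXT, len(lst) + 2, len(lst)) + lst
        body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body

def offered_sig_algs(hello):
    """Return offered signature scheme code points, or None if the
    ClientHello has no signature_algorithms extension."""
    if len(hello) < 4 or hello[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    body = hello[4:4 + int.from_bytes(hello[1:4], "big")]
    try:
        pos = 2 + 32                                         # version + random
        pos += 1 + body[pos]                                 # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression_methods
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    if pos + 2 > len(body):
        return None                                          # no extensions block at all
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(body)):
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        if etype == SIG_ALGS_EXT:
            n = int.from_bytes(data[:2], "big")
            return [int.from_bytes(data[i:i + 2], "big") for i in range(2, 2 + n, 2)]
        pos += 4 + elen
    return None

def server_choice(hello, key_type, allowed):
    """Simplified selection: first candidate the configuration allows, or None
    (handshake failure). The implicit default is checked like any other."""
    offered = offered_sig_algs(hello)
    if offered is None:
        offered = [SHA1_DEFAULT[key_type]]
    return next((s for s in offered if s in allowed), None)
```

With an allowed set that excludes SHA1, a ClientHello without the extension yields no usable signature type instead of silently falling back to SHA1.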