Way cool! -- Principal Security Engineer Akamai Technology Cambridge, MA
-----Original Message----- From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Monday, June 03, 2013 9:08 AM To: openssl-dev@openssl.org Cc: k...@roeckx.be Subject: Re: [openssl.org #3059] TLS 1.2 CertificateRequests allows MD5 On Mon, Jun 03, 2013, Salz, Rich wrote: > It's a general problem; what if the client list contains stronger ciphers but > they appear after the weaker ones? > > We modified code so that the server side can have its own ordered list, and > it will search through that list from what the client offers. > > If I can get the patches released, is there any interest? > That's already supported in OpenSSL 1.0.2-dev and the master branch. Client and server can set signature algorithm preference lists which can be used to select the appropriate signature algorithm to use. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org