On Tuesday 07 June 2016 19:22:00 Matt Caswell via RT wrote: > On Sat Apr 02 14:05:50 2016, sebast...@breakpoint.cc wrote: > > A TLS1.2 connetion with openssl server and gnutls-cli using a > > SECP384R1 > > key ends up with SHA256 as the hash algorithm for signing the key > > exchange. > > This is because gnutls sends the hash algorithms from weak to strong > > and by default client's preference is used. > > > > gnutls complains about this situation: > > |<1>| The hash size used in signature (32) is less than the expected > > (48)
it complains, but does it abort connection? -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
