On 08/06/16 11:25, Hubert Kario wrote:
> On Tuesday 07 June 2016 19:22:00 Matt Caswell via RT wrote:
>> On Sat Apr 02 14:05:50 2016, sebast...@breakpoint.cc wrote:
>>> A TLS1.2 connection with openssl server and gnutls-cli using a
>>> SECP384R1
>>> key ends up with SHA256 as the hash algorithm for signing the key
>>> exchange.
>>> This is because gnutls sends the hash algorithms from weak to strong
>>> and by default client's preference is used.
>>>
>>> gnutls complains about this situation:
>>> |<1>| The hash size used in signature (32) is less than the expected
>>> (48)
> 
> it complains, but does it abort connection?


FYI, there is a (long!) discussion on this issue here:
https://github.com/openssl/openssl/pull/1046

Matt
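
The selection behaviour described in the quoted report, as an added example that is not part of the original thread and is not OpenSSL or GnuTLS code: a simplified model of choosing the signature hash from the client's list, compared with a choice matched to the curve size. The hash lists, the function names and the "digest as wide as the curve" rule are assumptions made for illustration.

```python
# Simplified model of TLS 1.2 signature-hash selection for an ECDSA key.
# Added illustration; not OpenSSL or GnuTLS code.
HASH_BYTES = {"sha1": 20, "sha224": 28, "sha256": 32, "sha384": 48, "sha512": 64}
CURVE_BITS = {"secp256r1": 256, "secp384r1": 384, "secp521r1": 521}

def expected_hash_bytes(curve):
    # Assumption: the digest should be as wide as the curve, capped at SHA-512.
    return min((CURVE_BITS[curve] + 7) // 8, max(HASH_BYTES.values()))

def pick_client_order(client_hashes, server_hashes):
    """First hash in the client's list that the server also supports."""
    for h in client_hashes:
        if h in server_hashes:
            return h
    return None

def pick_strength_matched(client_hashes, server_hashes, curve):
    """Smallest mutual hash wide enough for the curve, else the widest mutual one."""
    mutual = [h for h in client_hashes if h in server_hashes]
    if not mutual:
        return None
    want = expected_hash_bytes(curve)
    adequate = [h for h in mutual if HASH_BYTES[h] >= want]
    if adequate:
        return min(adequate, key=HASH_BYTES.get)
    return max(mutual, key=HASH_BYTES.get)

def weak_hash_warning(curve, chosen):
    """Warning in the format quoted in the report, or None if the hash is wide enough."""
    used, want = HASH_BYTES[chosen], expected_hash_bytes(curve)
    if used < want:
        return f"The hash size used in signature ({used}) is less than the expected ({want})"
    return None

# Constructed sample data: a client list ordered weak to strong, as the report describes.
CLIENT_HASHES = ["sha256", "sha384", "sha512"]
SERVER_HASHES = {"sha1", "sha224", "sha256", "sha384", "sha512"}

if __name__ == "__main__":
    curve = "secp384r1"
    by_client = pick_client_order(CLIENT_HASHES, SERVER_HASHES)
    matched = pick_strength_matched(CLIENT_HASHES, SERVER_HASHES, curve)
    print(by_client, "->", weak_hash_warning(curve, by_client))
    print(matched, "->", weak_hash_warning(curve, matched))
```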




-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev