Re: [openssl-dev] [openssl.org #4496] [PATCH] ssl_cert: use the recommended minimum hash from RFC 5480 for EC

On 08/06/16 11:25, Hubert Kario wrote: > On Tuesday 07 June 2016 19:22:00 Matt Caswell via RT wrote: >> On Sat Apr 02 14:05:50 2016, sebast...@breakpoint.cc wrote: >>> A TLS1.2 connetion with openssl server and gnutls-cli using a >>> SECP384R1 >>> key ends up with SHA256 as the hash algorithm

Re: [openssl-dev] [openssl.org #4496] [PATCH] ssl_cert: use the recommended minimum hash from RFC 5480 for EC

On Tuesday 07 June 2016 19:22:00 Matt Caswell via RT wrote: > On Sat Apr 02 14:05:50 2016, sebast...@breakpoint.cc wrote: > > A TLS1.2 connetion with openssl server and gnutls-cli using a > > SECP384R1 > > key ends up with SHA256 as the hash algorithm for signing the key > > exchange. > > This is

[openssl-dev] [openssl.org #4496] [PATCH] ssl_cert: use the recommended minimum hash from RFC 5480 for EC

On Sat Apr 02 14:05:50 2016, sebast...@breakpoint.cc wrote: > A TLS1.2 connetion with openssl server and gnutls-cli using a > SECP384R1 > key ends up with SHA256 as the hash algorithm for signing the key > exchange. > This is because gnutls sends the hash algorithms from weak to strong > and by

[openssl-dev] [openssl.org #4496] [PATCH] ssl_cert: use the recommended minimum hash from RFC 5480 for EC

A TLS1.2 connetion with openssl server and gnutls-cli using a SECP384R1 key ends up with SHA256 as the hash algorithm for signing the key exchange. This is because gnutls sends the hash algorithms from weak to strong and by default client's preference is used. gnutls complains about this