RE: OpenSSL choosing inappropriate signature algorithm

... Erik Tkal Juniper OAC/UAC/Pulse Development From: John Foley [mailto:fol...@cisco.com] Sent: Monday, October 22, 2012 3:02 PM To: openssl-dev@openssl.org Cc: Erik Tkal Subject: Re: OpenSSL choosing inappropriate signature algorithm Agreed. This does raise an interesting design dilemma. The client

RE: OpenSSL choosing inappropriate signature algorithm

Sent: Monday, October 22, 2012 3:12 PM To: John Foley; openssl-dev@openssl.org Subject: RE: OpenSSL choosing inappropriate signature algorithm It appears that the clientHello only indicates overall what the client supports. The server sends another such list in its certificateRequest message. I'm

Re: OpenSSL choosing inappropriate signature algorithm

On Mon, Oct 22, 2012, Erik Tkal wrote: It looks like the client sets the hash to use for each key type to the first matching algorithm sent by the server in the certificateRequest. These values are stored in a private structure with no apparent way for client code to modify this, and it