Way cool! -- Principal Security Engineer Akamai Technology Cambridge, MA
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Dr. Stephen Henson Sent: Monday, June 03, 2013 9:08 AM To: [email protected] Cc: [email protected] Subject: Re: [openssl.org #3059] TLS 1.2 CertificateRequests allows MD5 On Mon, Jun 03, 2013, Salz, Rich wrote: > It's a general problem; what if the client list contains stronger ciphers but > they appear after the weaker ones? > > We modified code so that the server side can have its own ordered list, and > it will search through that list from what the client offers. > > If I can get the patches released, is there any interest? > That's already supported in OpenSSL 1.0.2-dev and the master branch. Client and server can set signature algorithm preference lists which can be used to select the appropriate signature algorithm to use. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
