So if I want to use SHA-2 in my certificates, how do I choose one from the available SHA-2 family? The only thing I see in the config file we use is

default_md = md5

and the generated pem file has the following entry:

Signature Algorithm: md5WithRSAEncryption

Which SHA-2 family can I use?

Alex

On Aug 10, 2010, at 10:44 AM, Erwann ABALEA wrote:

> Today, 10 Aug. 2010, Alex Chen wrote:
>> I am only an end user and not familiar with SSL internals. If I
>> understand the replies correctly, OpenSSL 1.0.x currently supports
>> SHA-2 in certificates but not in the cipher suites used in network
>> communication protocol. Is that a correct statement?
>
> That's it. OpenSSL implements the SHA2 family and is able to use it
> wherever it needs to (certificate+CRL, CMS, ...), but only implements
> TLS1.0 (and in a near future TLS1.1) protocol. SHA256 (member of the
> SHA2 family) is defined in ciphersuites defined by TLS1.2, and these
> ciphersuites (and the protocol itself) need to be used differently
> than what was done previously.
>
> --
> Erwann ABALEA <erwann.aba...@keynectis.com>
> Département R&D
> KEYNECTIS
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
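
An added example, not part of the original thread: a shell sketch that issues a throwaway certificate from a config whose `default_md` names a SHA-2 digest and then reads back the `Signature Algorithm` line to confirm it. It assumes the `openssl` command-line tool is installed and that the certificate is produced with `openssl req`, which reads `default_md` from the `[ req ]` section; the function names, the `example.test` subject and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: every value below is constructed, none comes from the thread.

# Print the signature algorithm of a PEM certificate,
# e.g. "sha256WithRSAEncryption".
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# Classify a signature algorithm name by the digest it uses.
sig_alg_status() {
    case "$1" in
        md2*|md4*|md5*|sha1*|*SHA1)
            echo weak ;;
        sha224*|sha256*|sha384*|sha512*|*SHA224|*SHA256|*SHA384|*SHA512)
            echo sha2 ;;
        *)
            echo unknown ;;
    esac
}

# Issue a throwaway self-signed certificate into directory $2 using a
# config whose default_md is $1 (sha224, sha256, sha384 or sha512).
make_cert() {
    cat > "$2/req.cnf" <<EOF
[ req ]
default_md         = $1
prompt             = no
distinguished_name = dn

[ dn ]
CN = example.test
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$2/req.cnf" -keyout "$2/key.pem" -out "$2/cert.pem" \
        2>/dev/null
}

# Called with a PEM path: report that certificate's algorithm and status.
if [ -n "${1:-}" ]; then
    alg=$(cert_sig_alg "$1")
    echo "$1: $alg ($(sig_alg_status "$alg"))"
fi
```

Run with the path of an existing PEM certificate as the only argument to audit it; the `openssl ca` command reads `default_md` from its CA section instead of `[ req ]`.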