> From: Wu, Hong-Tao (Aaron, HPSW-R&D-SH) [mailto:hongtao...@hp.com] 
> Sent: Tuesday, 20 November, 2012 22:05
> To: openssl-users@openssl.org
> Cc: dthomp...@prinpay.com
> Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm
> 
> Thanks a lot, Dave. 
> 
> So it means that SHA256 is only technically supported from 
> 0.9.7h. If I am using 0.9.7d, it is not included, right?
> 
I don't have all the old versions to check, but according to CHANGES 
it is NOT in 0.9.7h which means it SHOULD NOT be in any earlier 0.9.7*, 
and 0.9.7d IS earlier than 0.9.7h so it SHOULD NOT be in 0.9.7d.

It IS in the code for 0.9.7m, therefore it was added sometime 
after 0.9.7h and before or at 0.9.7m. That's what ">7h <=7m" means.

> Best Regards,
> Aaron
> 
> -----Original Message-----
> From: owner-openssl-us...@openssl.org 
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
> Sent: Wednesday, November 21, 2012 10:01 AM
> To: openssl-users@openssl.org
> Subject: RE: Does OpenSSL 0.9.7 support SHA256 Digest Algorithm
> 
> > From: owner-openssl-us...@openssl.org On Behalf Of Wu, Hong-Tao
> > (Aaron, HPSW-R&D-SH)
> > Sent: Tuesday, 20 November, 2012 10:42
> 
> > In our product, we are still using OpenSSL 0.9.7d (on the Windows
> > platform) for certificate validation. Recently we suffered an issue 
> > with certificates based on SHA256, and the following error is thrown:
> > 
> > ldap_bind: Can't contact LDAP server (-1) 
> >        additional info: error:0D0890A1:asn1 encoding 
> > routines:ASN1_verify:unknown message digest algorithm
> > 
> > My question is:
> > 
> > 1) Does OpenSSL 0.9.7 support SHA256 Digest Algorithm? 
> 
> On one system I still have 0.9.7m which does have SHA-2, with 
> no mention in CHANGES. However, the 0.9.8* CHANGES describe 
> it as added by 0.9.8(original) and not in 0.9.7h. 
> Thus it was apparently backported somewhere >7h <=7m.
> 
> > 2) If answer is NO for point 1, since which version does OpenSSL 
> > support SHA Digest Algorithm?
> > 
> (You mean SHA-256, or more broadly SHA-2. SHA-1 has been in 
> OpenSSL much longer, and the algorithm originally released as 
> SHA was defective and withdrawn before use.)
> 
> Some 0.9.7 and all? 0.9.8 support SHA-2 as pure digests, and 
> signatures using SHA-2 with RSA. Due to API limitation they 
> can't do signatures using SHA-2 with ECDSA, and AIR don't 
> have the DSA sizes for SHA-2 added by FIPS 186-3.
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
> 

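The version bounds given in the reply above (not in 0.9.7h or earlier 0.9.7*, present in 0.9.7m, listed as added in the 0.9.8 CHANGES) can be applied to an inventory of version banners to flag builds that will fail on SHA-256-signed certificates. This is an added example, not part of the original thread; the host names and banners are constructed, and "unverified" marks the >7h <7m window the thread does not pin down.

```python
import re

# Old-style OpenSSL version: major.minor.fix plus optional patch letter(s),
# e.g. "0.9.7d". Anything after the letters (dates, "-fips") is ignored.
_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")


def parse_version(text):
    """Return (major, minor, fix, letters) from a banner such as 'OpenSSL 0.9.7d'."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def sha256_status(text):
    """Classify SHA-256 availability using only the bounds stated in the thread."""
    v = parse_version(text)
    if v < (0, 9, 7, ""):
        return "outside-thread"   # the thread says nothing about pre-0.9.7
    if v <= (0, 9, 7, "h"):
        return "absent"           # CHANGES: not in 0.9.7h, so not in earlier 0.9.7*
    if v < (0, 9, 7, "m"):
        return "unverified"       # backported somewhere >7h <=7m, release not stated
    return "present"              # in the 0.9.7m code; 0.9.8 CHANGES lists it as added


# Constructed inventory: host name -> version banner collected from that host.
INVENTORY = {
    "ldap-gw-01": "OpenSSL 0.9.7d",
    "ldap-gw-02": "OpenSSL 0.9.7k",
    "build-03": "OpenSSL 0.9.7m",
    "web-04": "OpenSSL 0.9.8",
}


def triage(inventory):
    """Map each host to its SHA-256 status so 'absent' builds can be upgraded first."""
    return {host: sha256_status(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print("%-12s %s" % (host, status))
```

Hosts reported as "unverified" need a check against the installed build itself, since the thread only brackets the release that introduced the backport.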