I noticed there is a typo in "rsa_pkcs1_sha5256". After fixing this typo, SSL_CTX_set1_sigalgs_list works as expected.

On Tue, Sep 20, 2022 at 5:34 PM, Jared Huang <jared...@gmail.com> wrote:
> Hello,
>
> I'm using SSL_CTX_set1_sigalgs_list to set my favorite signature algorithms.
> But there are more algorithms listed in the client hello message than I desired.
>
> I defined a list
>
> #define TLS_PREFER_SIGNATURE "rsa_pss_rsae_sha256:" \
> "rsa_pss_rsae_sha384:" \
> "rsa_pss_rsae_sha512:" \
> "rsa_pss_pss_sha256:" \
> "rsa_pss_pss_sha384:" \
> "rsa_pss_pss_sha512:" \
> "ecdsa_secp256r1_sha256:" \
> "ecdsa_secp384r1_sha384:" \
> "ecdsa_secp521r1_sha512:" \
> "rsa_pkcs1_sha256:" \
> "rsa_pkcs1_sha384:" \
> "rsa_pkcs1_sha5256" \
>
> Then I use SSL_CTX_set1_sigalgs_list(pCtx, TLS_PREFER_SIGNATURE) to
> customize the signature algorithms.
>
> But in the client hello, there are more signature algorithms than I listed.
>
> Signature Hash Algorithms (23 algorithms)
> Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
> Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
> Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
> Signature Algorithm: ed25519 (0x0807)
> Signature Algorithm: ed448 (0x0808)
> Signature Algorithm: rsa_pss_pss_sha256 (0x0809)
> Signature Algorithm: rsa_pss_pss_sha384 (0x080a)
> Signature Algorithm: rsa_pss_pss_sha512 (0x080b)
> Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
> Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
> Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
> Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
> Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
> Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
> Signature Algorithm: SHA224 ECDSA (0x0303)
> Signature Algorithm: ecdsa_sha1 (0x0203)
> Signature Algorithm: SHA224 RSA (0x0301)
> Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
> Signature Algorithm: SHA224 DSA (0x0302)
> Signature Algorithm: SHA1 DSA (0x0202)
> Signature Algorithm: SHA256 DSA (0x0402)
> Signature Algorithm: SHA384 DSA (0x0502)
> Signature Algorithm: SHA512 DSA (0x0602)
>
> Did I make a mistake? How do I remove SHA+DSA and the others?
>
> Thanks
>
> --
> Sincerely,
> Jared

--
Sincerely,
Jared
黃清富
Mobile: 0932-945-823
E-Mail: jared...@gmail.com
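
The thread shows one misspelled entry causing the whole list to be ignored and the default algorithms to be offered; SSL_CTX_set1_sigalgs_list returns 1 on success and 0 on failure, so checking that return value exposes the problem at startup. As an added example (not code from this thread or from OpenSSL), the following stand-alone check reports which entry of a colon-separated list is bad; the allowlist and the function name `first_bad_sigalg` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* TLS signature scheme names that appear in this thread (constructed
 * allowlist for the example; OpenSSL also accepts other spellings such
 * as "RSA+SHA256", which this check would reject). */
static const char *const KNOWN_SIGALGS[] = {
    "rsa_pss_rsae_sha256", "rsa_pss_rsae_sha384", "rsa_pss_rsae_sha512",
    "rsa_pss_pss_sha256", "rsa_pss_pss_sha384", "rsa_pss_pss_sha512",
    "ecdsa_secp256r1_sha256", "ecdsa_secp384r1_sha384",
    "ecdsa_secp521r1_sha512", "rsa_pkcs1_sha256", "rsa_pkcs1_sha384",
    "rsa_pkcs1_sha512", "ed25519", "ed448",
};

static int is_known(const char *tok, size_t len)
{
    size_t n = sizeof(KNOWN_SIGALGS) / sizeof(KNOWN_SIGALGS[0]);
    for (size_t i = 0; i < n; i++)
        if (strlen(KNOWN_SIGALGS[i]) == len &&
            memcmp(KNOWN_SIGALGS[i], tok, len) == 0)
            return 1;
    return 0;
}

/* Walk a colon-separated list. Returns 0 if every entry is known,
 * otherwise the 1-based position of the first bad entry, copied into
 * bad (empty string for an empty entry such as a trailing colon). */
int first_bad_sigalg(const char *list, char *bad, size_t badlen)
{
    int pos = 1;
    for (const char *p = list;; pos++) {
        size_t len = strcspn(p, ":");
        if (len == 0 || !is_known(p, len)) {
            snprintf(bad, badlen, "%.*s", (int)len, p);
            return pos;
        }
        if (p[len] == '\0')
            return 0;
        p += len + 1;
    }
}

int main(void)
{
    char bad[64];
    int pos = first_bad_sigalg("rsa_pkcs1_sha384:rsa_pkcs1_sha5256", bad, sizeof bad);
    printf("entry %d rejected: \"%s\"\n", pos, bad);
    return 0;
}
```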