On Thu, Oct 02, 2014 at 02:54:45PM +0200, Per Thorsheim wrote:
> "If connecting client/server supports SHA-256 signed cert then use that
> from our side, else fallback to SHA-1 certificate from our side, with
> fallback to plaintext as last resort."
This is not possible due to TLS protocol limitations.
> I presume support for TLSv1.1 and TLSv1.2 increases the chances of
> SHA-256 certificates being supported as well, but I don't know yet.
Yes, signalling of client digest algorithm support requires TLSv1.2,
and I would be very surprised to find any implementation of that
which does not support SHA-2.
> I would hate to see use of #starttls dropped because mail servers don't
> support SHA-256 signed certificates.
Try it, and report your findings. I for now am not rushing to
replace the SHA1 "signature" on my server's self-signed certificate
with a SHA2-256 signature.
FWIW, OpenSSL by default does not check the signatures of self-signed
certificates (root CAs or self-signed leaf certificates).
--
Viktor.
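As an added illustration of the point about TLSv1.2 being the only place a client can signal its digest support (this is example code written for this page, not from the thread or any mail server), the following parses the signature_algorithms extension out of a ClientHello and decides whether a server can tell that a SHA-256-signed certificate is safe to present. The ClientHello bytes are constructed inline rather than captured; the RFC 5246 rule that a missing extension means "assume SHA-1 only" is applied as stated there.

```python
import struct

SIGNATURE_ALGORITHMS_EXT = 0x000D  # RFC 5246 section 7.4.1.4.1
HASH_NAMES = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {1: "rsa", 2: "dsa", 3: "ecdsa"}


def build_client_hello(version, sig_algs=None):
    """Constructed minimal ClientHello record (sample data, not a real capture)."""
    hello = struct.pack("!H", version) + b"\x00" * 32 + b"\x00"  # version, random, empty session id
    hello += struct.pack("!H", 2) + b"\x00\x2f"  # one cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
    hello += b"\x01\x00"  # one compression method: null
    if sig_algs is not None:  # list of (hash_id, sig_id) pairs
        data = struct.pack("!H", 2 * len(sig_algs)) + b"".join(bytes([h, s]) for h, s in sig_algs)
        ext = struct.pack("!HH", SIGNATURE_ALGORITHMS_EXT, len(data)) + data
        hello += struct.pack("!H", len(ext)) + ext
    body = b"\x01" + len(hello).to_bytes(3, "big") + hello  # handshake type 1 = ClientHello
    return struct.pack("!BHH", 22, 0x0301, len(body)) + body  # content type 22 = handshake


def parse_client_hello(record):
    """Return (client_version, signature_algorithms list or None) from a handshake record."""
    content_type, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 22:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if body[0] != 1:
        raise ValueError("not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    version = struct.unpack("!H", hello[:2])[0]
    pos = 2 + 32  # skip client_random
    pos += 1 + hello[pos]  # session id
    pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]  # cipher suites
    pos += 1 + hello[pos]  # compression methods
    sig_algs = None
    if pos < len(hello):  # extensions block is optional
        end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            data = hello[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == SIGNATURE_ALGORITHMS_EXT:
                n = struct.unpack("!H", data[:2])[0]
                sig_algs = [(HASH_NAMES.get(h, h), SIG_NAMES.get(s, s))
                            for h, s in zip(data[2:2 + n:2], data[3:2 + n:2])]
    return version, sig_algs


def can_offer_sha256_cert(record):
    """True only when the client positively signalled SHA-256 support (TLSv1.2 and up)."""
    version, sig_algs = parse_client_hello(record)
    if version < 0x0303 or sig_algs is None:  # pre-1.2: no signal; 1.2 without ext: SHA-1 assumed
        return False
    return any(h == "sha256" for h, _ in sig_algs)
```

A TLSv1.0 or TLSv1.1 client yields no extension at all, which is the protocol limitation behind the "fallback is not possible" reply.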