Public bug reported:

If an OpenSSL consumer uses SSL_set_SSL_CTX (very commonly done with SNI), OpenSSL 1.0.1i and earlier lose internal state relating to TLS 1.2, which causes it to forget the peer's digest preferences. The end result is such servers will *only* sign SHA-1 ServerKeyExchanges in TLS 1.2, even if the peer advertises other hashes or even doesn't advertise SHA-1 at all.

See:
https://rt.openssl.org/Ticket/Display.html?id=3560
https://bugzilla.redhat.com/show_bug.cgi?id=1150033
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4e05aedbcab7f7f83a887e952ebdcc5d4f2291e4
http://www.ietf.org/mail-archive/web/tls/current/msg19195.html

Glancing at packages.ubuntu.com, this seems to affect Ubuntu vivid and below. It would be greatly appreciated if you would backport this fix to all applicable releases so Ubuntu servers do not become the limiting factor in someday removing SHA-1 here.

The links above should have reproduction steps you can use to confirm the bug and test the fix. (Note that it requires a build of OpenSSL 1.0.2 to confirm the bug. OpenSSL 1.0.1's s_client doesn't print the necessary information.)

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1550643

Title:
  Please backport OpenSSL SNI signature algorithms fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1550643/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
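As an added illustration (not part of the bug report, the Launchpad page or the OpenSSL fix), a small checker for the symptom described above: it parses the SignatureAndHashAlgorithm out of a captured ECDHE ServerKeyExchange body and compares it with the signature_algorithms the client offered, flagging a server that falls back to SHA-1 the client never advertised. The ServerKeyExchange sample is constructed, with a dummy point and signature; the function names are my own.

```python
import struct

# TLS 1.2 SignatureAndHashAlgorithm code points (RFC 5246, section 7.4.1.4.1)
HASH_NAMES = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {1: "rsa", 2: "dsa", 3: "ecdsa"}
SHA1 = 2


def parse_ecdhe_ske_sigalg(ske_body):
    """Return the (hash, sig) pair used to sign an ECDHE ServerKeyExchange.
    ske_body is the handshake message body (4-byte handshake header stripped)."""
    if ske_body[0] != 3:  # curve_type: only named_curve (3) is supported here
        raise ValueError("only named_curve ServerKeyExchange is supported")
    pub_len = ske_body[3]              # length byte of the EC point
    off = 4 + pub_len                  # skip curve_type, named_curve, point
    hash_id, sig_id = ske_body[off], ske_body[off + 1]
    sig_len = struct.unpack("!H", ske_body[off + 2:off + 4])[0]
    if len(ske_body) != off + 4 + sig_len:
        raise ValueError("truncated or oversized signature field")
    return hash_id, sig_id


def check_ske_against_offer(client_sigalgs, ske_body):
    """Flag a server that signs with an algorithm the client never offered.
    A SHA-1 signature against an offer without SHA-1 is exactly the symptom
    the SSL_set_SSL_CTX state loss produces."""
    used = parse_ecdhe_ske_sigalg(ske_body)
    name = "%s-%s" % (HASH_NAMES.get(used[0], used[0]), SIG_NAMES.get(used[1], used[1]))
    if used in client_sigalgs:
        return {"used": name, "offered": True, "suspect_sha1_fallback": False}
    return {"used": name, "offered": False, "suspect_sha1_fallback": used[0] == SHA1}


def build_ecdhe_ske(hash_id, sig_id, point=b"\x04" + b"\x11" * 64, sig=b"\x00" * 256):
    """Constructed sample body: secp256r1 (0x0017), uncompressed point, dummy signature."""
    return (b"\x03" + b"\x00\x17" + bytes([len(point)]) + point
            + bytes([hash_id, sig_id]) + struct.pack("!H", len(sig)) + sig)


if __name__ == "__main__":
    offered = [(4, 1), (5, 1), (6, 1)]  # sha256/sha384/sha512 with RSA, no SHA-1
    print(check_ske_against_offer(offered, build_ecdhe_ske(2, 1)))
```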