[openssl.org #3560] OpenSSL selects weak digest for (EC)DH kex signing in TLSv1.2 when connecting to SNI virtual server

2014-11-27 Thread Stephen Henson via RT
Fixed now, thanks for the report.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

[openssl.org #3560] OpenSSL selects weak digest for (EC)DH kex signing in TLSv1.2 when connecting to SNI virtual server

2014-10-08 Thread Tomas Mraz via RT
When connecting to a virtual, SNI defined host openssl selects SHA1 digest instead of SHA512, as it does for the default host.

Steps to Reproduce:
1. openssl req -x509 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -subj /CN=localhost -nodes -batch
2. openssl req -x509 -newkey

[openssl.org #3560] OpenSSL selects weak digest for (EC)DH kex signing in TLSv1.2 when connecting to SNI virtual server

2014-10-08 Thread Stephen Henson via RT
On Wed Oct 08 19:12:41 2014, tm...@redhat.com wrote:
> When connecting to a virtual, SNI defined host openssl selects SHA1 digest instead of SHA512, as it does for the default host.

The cause is that some negotiated parameters are wiped when SSL_set_SSL_CTX is called. Try the attached patch.