Hi, c t browne <[email protected]> wrote:
I upgraded to version 5.63 on openssl 3.02 and received a CA signature digest algorithm too week error. I tried setting the securityLevel to 2 and also to 1 and the error did not go away. I have no way to change the certificate on the remove system.
OpenSSL 3 forbids SHA-1 signatures in security level 1 and above. Try security level 0. Note that SHA-1 is insecure, and collisions on SHA-1 signatures can probably computed at less than 50k USD a piece [1], so you should contact whoever is in charge of the remote system to move away from SHA-1. [1]: https://eprint.iacr.org/2020/014.pdf HTH, Clemens Lang _______________________________________________ stunnel-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
