I changed the default_md to sha512 in the configuration file and the
generated pem file shows
Signature Algorithm: sha512WithRSAEncryption
Client and server are still able to communicate. ( Server uses the new
pem file and the client uses an old pem file with md5 ).
So I guess that works for sha256, sha384, etc., too, correct?
Alex
On 9/1/2010 4:28 PM, Alex Chen wrote:
So if I want to use SHA-2 in my certificates, how do I choose on from the
available SHA-2 family?
The only thing I see in the config file we use is
default_md = md5
and the generated pem file has the following entry:
Signature Algorithm: md5WithRSAEncryption
Which SHA-2 family can I use?
Alex
On Aug 10, 2010, at 10:44 AM, Erwann ABALEA wrote:
Hodie IV Id. Aug. MMX, Alex Chen scripsit:
I am only a end user and not familiar with SSL internal. If I
understand the replies correctly, OpenSSL 1.0.x currently supports
SHA-2 in certificates but not in the cipher suites used in network
communication protocol. Is that a correct statement?
That's it. OpenSSL implements the SHA2 family and is able to use
wherever it needs to (certificate+CRL, CMS, ...), but only implements
TLS1.0 (and in a near future TLS1.1) protocol. SHA256 (member of the
SHA2 family) is defined in ciphersuites defined by TLS1.2, and these
ciphersuites (and the protocol itself) need to be used differently
than what was done previously.
--
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
