On Thu, Nov 07, 2013 at 03:51:38PM -0500, Dave Thompson wrote:

> To support the (four original) SHA-2 hashes as such, yes.
> But: if you want to sign (and I think verify?) SHA2 and DSA or ECDSA,
> you need the new signature/hash mechanism in 1.0.0, and if
> you want TLSv1.2 suites using HMAC-SHA256/384 you need 1.0.1.

Furthermore, with OpenSSL 0.9.8, SSL_library_init() does not enable the SHA2 digests. You need OpenSSL_add_all_algorithms() or a suitable subset for that. So SSL/TLS applications based on 0.9.8 can't generally handle SHA2 digests in peer certificates.

-- 
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org