Addendum:
1. Created a TLS 1.2 client that send in the signature extensions in the ClientHello that specifies support for only sha1 with RSA.
2. The server still does not reply back with the "sha1WithRSAEncryption" certificate.
Regards,
From: Gaurav Khanna <khanna111@xxxxxxxxx.INVALID>
To: "users@xxxxxxxxxxxxxxxx" <users@xxxxxxxxxxxxxxxx>
Sent: Tuesday, October 28, 2014 12:27 PM
Subject: Two x509 SSL certificates with different signature algorithms differing only in the hash
To: "users@xxxxxxxxxxxxxxxx" <users@xxxxxxxxxxxxxxxx>
Sent: Tuesday, October 28, 2014 12:27 PM
Subject: Two x509 SSL certificates with different signature algorithms differing only in the hash
Hi,
I have apache configured with 2 SSL X509 certificates with differing signature algorithms as in:
1. sha1WithRSAEncryption
2. sha256WithRSAEncryption
Now it seems "that the certificate with "sha256WithRSAEncryption" is always utilized when SSL / TLS is established. Tested with the latest browsers and "openssl s_client".
Is this a supported combination while configuring TLS in Apache?
Apache: 2.4.10
OpenSSL: 1.0.2 beta
Regards,
Gaurav
