Hello, I am developing a simple client/server application with openSSL. Using wireshark, I can see in the Client Hello message that there is an extension signature_algorithms, in which are fields Signature Hash Algorithms. I can see a lot of supported algorithms, such as RSA, DSA, ECDSA in the fields *Signature Hash Algorithm Signature* ,and SHA1, SHA256, MD5, ... for *Signature Hash Algorithm Hash*. The same behavior happens in the Server Key Exchange message. My question is: how can I restrict this list of algorithms to use only one? Note that I am already using the function set_cipher_list(), and as a consequence, the field *Cipher Suites* in those messages only contains the suite I want to use. So I don't know what is the API function to use instead of ssl_ctx_set_cipher_list(). I didn't find anything in the documentation. Thank you for your help, Jack -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150316/4aa34b76/attachment.html>
