Re: Unexpected behaviors in TLS handshake

On 20/06/18 09:44, Devang Kubavat wrote:
> Hi all,
> 
> I set the signature algorithm in the client using,
> 
> /* signature algorithm list */
> 
> (void)SSL_CTX_set1_client_sigalgs_list(ctx, "RSA+SHA512");
> 
>  
> 
> Expected behavior: client only accepts server certificate which has
> signature algorithm SHA512withRSAencryption during TLS handshake.
> 
>  
> 
> But here, even though I set “RSA+SHA512” as the signature algorithm, the
> client still accepts the server certificate which has signature algorithm
> SHA256withRSAencryption. Why?

As I said in reply to your other post:

"The function "SSL_CTX_set1_client_sigalgs_list()" is for setting
signature algorithms related to *client authentication*. This is not the
same as the sig algs sent in the ClientHello. For that you need to use
SSL_CTX_set1_sigalgs_list()."

Matt
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
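
The reply above separates the client-authentication list from the signature algorithms sent in the ClientHello. As an added example (not code from this thread or from OpenSSL), the C below reads the signature_algorithms extension out of a ClientHello handshake message so you can confirm what a client really advertises. The function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define EXT_SIGNATURE_ALGORITHMS 13 /* extension type, RFC 5246 / RFC 8446 */
#define RSA_PKCS1_SHA512 0x0601     /* wire value of "RSA+SHA512" */

/* Constructed sample: minimal TLS 1.2 ClientHello (no record header). */
static const uint8_t SAMPLE[] = {
    0x01, 0x00, 0x00, 0x33, 0x03, 0x03,       /* client_hello, 51 bytes, TLS 1.2 */
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, /* random */
    0x00, 0x00, 0x02, 0xc0, 0x2f, 0x01, 0x00, /* session id, suites, compression */
    0x00, 0x08, 0x00, 0x0d, 0x00, 0x04, 0x00, 0x02, 0x06, 0x01 /* sigalgs {0x0601} */
};

static size_t rd16(const uint8_t *p) { return (size_t)p[0] << 8 | p[1]; }

/* Copy the signature_algorithms schemes into out[]. Returns the count, or -1
 * if the message is malformed, lacks the extension, or out[] is too small. */
int clienthello_sigalgs(const uint8_t *m, size_t len, uint16_t *out, size_t max) {
    size_t off = 4 + 2 + 32, end, n, i;      /* header, version, random */
    if (len < 4 || m[0] != 1) return -1;     /* 1 = client_hello */
    end = 4 + ((size_t)m[1] << 16 | rd16(m + 2));
    if (end > len || off + 1 > end) return -1;
    off += 1 + m[off];                       /* session id */
    if (off + 2 > end) return -1;
    off += 2 + rd16(m + off);                /* cipher suites */
    if (off + 1 > end) return -1;
    off += 1 + m[off];                       /* compression methods */
    if (off + 2 > end || off + 2 + rd16(m + off) > end) return -1;
    end = off + 2 + rd16(m + off);           /* end of extensions block */
    for (off += 2; off + 4 <= end; off += 4 + n) {
        n = rd16(m + off + 2);               /* this extension's length */
        if (off + 4 + n > end) return -1;
        if (rd16(m + off) != EXT_SIGNATURE_ALGORITHMS) continue;
        if (n < 2 || n % 2 || rd16(m + off + 4) != n - 2 || n / 2 - 1 > max)
            return -1;
        for (i = 0; i < n / 2 - 1; i++) out[i] = (uint16_t)rd16(m + off + 6 + 2 * i);
        return (int)i;
    }
    return -1;
}

/* 1 if exactly one scheme is advertised and it is `want`, else 0. */
int advertises_only(const uint8_t *m, size_t len, uint16_t want) {
    uint16_t s[32];
    return clienthello_sigalgs(m, len, s, 32) == 1 && s[0] == want;
}

int main(void) {
    printf("only RSA+SHA512: %d\n", advertises_only(SAMPLE, sizeof SAMPLE, RSA_PKCS1_SHA512));
    return 0;
}
```

Feed it the handshake bytes from a capture, with the 5-byte record header stripped.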



