Hi Matt,

Thanks for the reply.

I also used both functions, SSL_CTX_set1_sigalgs_list() and SSL_CTX_set1_client_sigalgs_list(), but the same thing happens. I set "RSA+SHA512" on the client side using SSL_CTX_set1_sigalgs_list(), but it is still accepting a server certificate which has signature algorithm SHA256withRSAencryption.

Best Regards,
Devang

> On 20-Jun-2018, at 2:25 PM, Matt Caswell <matt@xxxxxxxxxxx> wrote:
>
>> On 20/06/18 09:44, Devang Kubavat wrote:
>> Hi all,
>>
>> I set the signature algorithm in the client using,
>>
>> /* signature algorithm list */
>>
>> (void)SSL_CTX_set1_client_sigalgs_list(ctx, "RSA+SHA512");
>>
>> Expected behavior: client only accepts server certificate which has
>> signature algorithm SHA512withRSAencryption during TLS handshake.
>>
>> But here, even though I set the "RSA+SHA512" signature algorithm, the client is still
>> accepting the server certificate which has signature algorithm
>> SHA256withRSAencryption. Why?
>
> As I said in reply to your other post:
>
> "The function "SSL_CTX_set1_client_sigalgs_list()" is for setting
> signature algorithms related to *client authentication*. This is not the
> same as the sig algs sent in the ClientHello. For that you need to use
> SSL_CTX_set1_sigalgs_list()."
>
> Matt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
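The quoted reply refers to the sig algs sent in the ClientHello. As an added example (not part of this thread and not OpenSSL code), the C routine below parses a ClientHello extensions block, for instance bytes copied from a packet capture, and reports whether its signature_algorithms extension offers only RSA+SHA512. The function name and the three byte arrays are constructed for illustration, and the input is assumed to start at the first extension header, after the two-byte total extensions length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS 1.2 code points (RFC 5246, 7.4.1.4.1): hash sha512 = 6, signature rsa = 1. */
enum { EXT_SIGNATURE_ALGORITHMS = 13, HASH_SHA512 = 6, SIG_RSA = 1 };

/* Constructed sample: signature_algorithms offering only RSA+SHA512. */
static const uint8_t strict_hello[] = { 0x00, 0x0d, 0x00, 0x04, 0x00, 0x02, 0x06, 0x01 };
/* Constructed sample: an empty extension 0x0017, then RSA+SHA512 and RSA+SHA256. */
static const uint8_t mixed_hello[] = { 0x00, 0x17, 0x00, 0x00,
    0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x06, 0x01, 0x04, 0x01 };
/* Constructed sample: extension header claims 4 bytes but only 2 follow. */
static const uint8_t cut_hello[] = { 0x00, 0x0d, 0x00, 0x04, 0x00, 0x02 };

/* Returns 1 if every offered pair is RSA+SHA512, 0 if any other pair is
 * offered, -1 if the extension is absent or malformed. */
int only_rsa_sha512(const uint8_t *ext, size_t len)
{
    size_t off = 0;
    while (len - off >= 4) {
        unsigned type = (unsigned)(ext[off] << 8) | ext[off + 1];
        size_t elen = (size_t)(ext[off + 2] << 8) | ext[off + 3];
        off += 4;
        if (elen > len - off)
            return -1;                      /* extension runs past the buffer */
        if (type == EXT_SIGNATURE_ALGORITHMS) {
            if (elen < 4)
                return -1;                  /* need list length plus one pair */
            size_t list = (size_t)(ext[off] << 8) | ext[off + 1];
            if (list != elen - 2 || list % 2 != 0)
                return -1;                  /* inconsistent list length */
            for (size_t i = 0; i < list; i += 2)
                if (ext[off + 2 + i] != HASH_SHA512 || ext[off + 3 + i] != SIG_RSA)
                    return 0;
            return 1;
        }
        off += elen;                        /* skip an unrelated extension */
    }
    return -1;
}

int main(void)
{
    printf("strict: %d\n", only_rsa_sha512(strict_hello, sizeof strict_hello));
    printf("mixed:  %d\n", only_rsa_sha512(mixed_hello, sizeof mixed_hello));
    printf("cut:    %d\n", only_rsa_sha512(cut_hello, sizeof cut_hello));
    return 0;
}
```

This only checks what the client advertises on the wire; it does not inspect the signature algorithm of the certificate the server returns.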