> On Jun 20, 2018, at 3:44 PM, Jakob Bohm <jb-openssl@xxxxxxxxxx> wrote:
>
> I believe there is a fundamental concern, impossible to handle sanely
> at the CA policy level, that a CA may reasonably have certificate
> hierarchies targeting people with different maximum security strength
> and/or living at different times within a root certificate lifespan
> (decades).
>
> Thus it is reasonable for a particular TLS participant to dynamically
> reject/ignore certificates weaker than its own policies even if
> issued by a root CA that has both strong and weak subtrees.

For that we have a coarse filter in the form of the security level.
Thus MD5 is no longer accepted outside root CA self signatures at the
default security level 1 or higher.

One thing I forgot to mention is:

    https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_security_callback.html

The callback interface is not yet documented, but it does allow the
application to bless or reject each algorithm for a particular purpose:

    void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
    void SSL_CTX_set_security_callback(SSL_CTX *ctx,
        int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid,
                  void *other, void *ex));

When this is documented, users who really want low level control
would be able to accept or reject specific algorithms for specific
operations. The "op" values of interest are:

    SSL_SECOP_EE_KEY    /* accept/reject an EE public key */
    SSL_SECOP_CA_KEY    /* accept/reject a CA public key */
    SSL_SECOP_CA_MD     /* accept/reject a CA hash algorithm */

If there is enough demand and contributor energy, this interface
could get documented, code examples provided, ...

--
        Viktor.