On 17/08/2020 18:55, John Baldwin wrote:
> 1) Is 'auth_level' supposed to work for this? The CHANGES.md change
> references SSL_CTX_set_security_level and openssl(1) claims that
> '-auth_level' changes this? Is the CHANGES.md entry wrong and only
> SECLEVEL=0 for the ciphers work by design?

openssl(1) says this about auth_level:

"Set the certificate chain authentication security level to I<level>. The
authentication security level determines the acceptable signature and public
key strength when verifying certificate chains."

However, the problem you are seeing is about *handshake* signatures using SHA1 -
so auth_level is not appropriate.

>
> 2) The hang when using a 'master' client seems like a regression?
>

Fix for this issue here:
https://github.com/openssl/openssl/pull/12670

Matt