boringssl

History

David Benjamin ea9a0d5313 Refine SHA-1 default in signature algorithm negotiation. Rather than blindly select SHA-1 if we can't find a matching one, act as if the peer advertised rsa_pkcs1_sha1 and ecdsa_sha1. This means that we will fail the handshake if no common algorithm may be found. This is done in preparation for removing the SHA-1 default in TLS 1.3. Change-Id: I3584947909d3d6988b940f9404044cace265b20d Reviewed-on: https://boringssl-review.googlesource.com/8695 Reviewed-by: David Benjamin <davidben@google.com>	2016-07-12 16:32:31 +00:00
..
openssl	Refine SHA-1 default in signature algorithm negotiation.	2016-07-12 16:32:31 +00:00

David Benjamin ea9a0d5313 Refine SHA-1 default in signature algorithm negotiation.

Rather than blindly select SHA-1 if we can't find a matching one, act as
if the peer advertised rsa_pkcs1_sha1 and ecdsa_sha1. This means that we
will fail the handshake if no common algorithm may be found.

This is done in preparation for removing the SHA-1 default in TLS 1.3.

Change-Id: I3584947909d3d6988b940f9404044cace265b20d
Reviewed-on: https://boringssl-review.googlesource.com/8695
Reviewed-by: David Benjamin <davidben@google.com>

2016-07-12 16:32:31 +00:00

openssl

Refine SHA-1 default in signature algorithm negotiation.

2016-07-12 16:32:31 +00:00