Commit 45473632 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Prevent use of RSA+MD5 in TLS 1.2 by default.

Removing RSA+MD5 from the default signature algorithm list
prevents its use by default.

If a broken implementation attempts to use RSA+MD5 anyway, the sanity
checking of signature algorithms will cause a fatal alert.
parent b39d4768
+1 −10
@@ -876,9 +876,6 @@ static unsigned char tls12_sigalgs[] = {
#ifndef OPENSSL_NO_SHA
	tlsext_sigalg(TLSEXT_hash_sha1)
#endif
#ifndef OPENSSL_NO_MD5
	tlsext_sigalg_rsa(TLSEXT_hash_md5)
#endif
};
#ifndef OPENSSL_NO_ECDSA
static unsigned char suiteb_sigalgs[] = {
@@ -921,12 +918,6 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
	else
		{
		*psigs = tls12_sigalgs;
#ifdef OPENSSL_FIPS
		/* If FIPS mode don't include MD5 which is last */
		if (FIPS_mode())
			return sizeof(tls12_sigalgs) - 2;
		else
#endif
		return sizeof(tls12_sigalgs);
		}
	}
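Review bot: `tls12_sigalgs` is still a writable `static unsigned char` array (see the first hunk's `@@` context line) even though `tls12_get_psigalgs` hands it out through a `const unsigned char **psigs` out-parameter; now that the table is a fixed default list with no runtime trimming, declaring it `static const unsigned char tls12_sigalgs[] = {` would keep the default signature algorithm list read-only and is a one-line change. The removal itself looks right, and dropping the FIPS-only `sizeof(tls12_sigalgs) - 2` trick that relied on MD5 being the last entry is the correct consequence. I would also leave a short comment where the MD5 entry used to be, e.g. `/* RSA+MD5 is deliberately not offered by default; a peer that uses it anyway is rejected by the sigalg sanity checks */`, so the omission is not mistaken for an oversight later. Both the array definition and the body of `tls12_get_psigalgs` begin before their respective hunks, so the declaration line to change is outside what is shown here; presumably `suiteb_sigalgs` could get the same `const` treatment.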