[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

On Mon, Mar 21, 2022 at 12:12:11AM +0100, Sebastian Andrzej Siewior wrote:
> 
> The change in openssl is commit
>    cc7c6eb8135b ("Check that the default signature type is allowed")

So that's:
commit cc7c6eb8135be665d0acc176a5963e1eaf52e4e2
Author: Kurt Roeckx <kurt@roeckx.be>
Date:   Thu Jan 2 22:53:32 2020 +0100

    Check that the default signature type is allowed

    TLS < 1.2 has fixed signature algorithms: MD5+SHA1 for RSA and SHA1 for the
    others. TLS 1.2 sends a list of supported ciphers, but allows not sending
    it in which case SHA1 is used. TLS 1.3 makes sending the list mandatory.

    When we didn't receive a list from the client, we always used the
    defaults without checking that they are allowed by the configuration.

    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    GH: #10784
    (cherry picked from commit b0031e5dc2c8c99a6c04bc7625aa00d3d20a59a5)


Kurt
Reply to: