[exim-dev] [Bug 674] exim can't verify sha256WithRSAEncrypti…

Author: Phil Pennock
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 674] New: exim can't verify sha256WithRSAEncryption signature in X.509 certificates when linked against OpenSSL
Subject: [exim-dev] [Bug 674] exim can't verify sha256WithRSAEncryption signature in X.509 certificates when linked against OpenSSL

http://bugs.exim.org/show_bug.cgi?id=674




--- Comment #13 from Phil Pennock <exim-dev@???> 2008-08-15 12:56:34 ---
You're not likely to have long to wait. RFC 5246 is now out, specifying TLS
1.2.

----------------------------8< cut here >8------------------------------
1.2. Major Differences from TLS 1.1

This document is a revision of the TLS 1.1 [TLS1.1] protocol which
contains improved flexibility, particularly for negotiation of
cryptographic algorithms. The major changes are:

   -  The MD5/SHA-1 combination in the pseudorandom function (PRF) has
      been replaced with cipher-suite-specified PRFs.  All cipher suites
      in this document use P_SHA256.
[...]
----------------------------8< cut here >8------------------------------


I've just checked with someone heavily involved in the OpenSSL project and it's
likely that sha256 will be loaded by default soon.

Which then just leaves the patch I offered as a way for people to tune knobs
without being dependent upon the Exim developers.

