diff options
author | David Benjamin <davidben@google.com> | 2016-07-09 01:52:59 +0300 |
---|---|---|
committer | David Benjamin <davidben@google.com> | 2016-07-12 19:32:31 +0300 |
commit | ea9a0d5313f4244f2765e02d762788c1cb9be72a (patch) | |
tree | d5100ecccf1f97805c7755ae95dcc057725fb2b9 /crypto/err | |
parent | d246b817515b52b77ccc4876f25ddf4f41e67477 (diff) |
Refine SHA-1 default in signature algorithm negotiation.
Rather than blindly select SHA-1 if we can't find a matching one, act as
if the peer advertised rsa_pkcs1_sha1 and ecdsa_sha1. This means that we
will fail the handshake if no common algorithm may be found.
This is done in preparation for removing the SHA-1 default in TLS 1.3.
Change-Id: I3584947909d3d6988b940f9404044cace265b20d
Reviewed-on: https://boringssl-review.googlesource.com/8695
Reviewed-by: David Benjamin <davidben@google.com>
Diffstat (limited to 'crypto/err')
-rw-r--r-- | crypto/err/ssl.errordata | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata index 700f9df1..23143444 100644 --- a/crypto/err/ssl.errordata +++ b/crypto/err/ssl.errordata @@ -77,6 +77,7 @@ SSL,174,NO_CERTIFICATE_SET SSL,175,NO_CIPHERS_AVAILABLE SSL,176,NO_CIPHERS_PASSED SSL,177,NO_CIPHER_MATCH +SSL,253,NO_COMMON_SIGNATURE_ALGORITHMS SSL,178,NO_COMPRESSION_SPECIFIED SSL,179,NO_METHOD_SPECIFIED SSL,180,NO_P256_SUPPORT |