SHA-1 deprecation: allow it in key exchange

By default, keep allowing SHA-1 in key exchange signatures. Disabling it causes compatibility issues, especially with clients that use TLS1.2 but don't send the signature_algorithms extension. SHA-1 is forbidden in certificates by default, since it's vulnerable to offline collision-based attacks.
2025-12-23 15:55:10 +01:00 · 2017-05-12 13:16:40 +02:00 · 2017-05-12 13:16:40 +02:00 · 5d2511c4d4
commit 5d2511c4d4
parent 682df09159
7 changed files with 32 additions and 17 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -2908,12 +2908,19 @@ run_test    "Per-version suites: TLS 1.2" \
 # Test for ClientHello without extensions

 requires_gnutls
-run_test    "ClientHello without extensions" \
+run_test    "ClientHello without extensions, SHA-1 allowed" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
            0 \
            -s "dumping 'client hello extensions' (0 bytes)"

+requires_gnutls
+run_test    "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
+            "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
+            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
+            0 \
+            -s "dumping 'client hello extensions' (0 bytes)"
+
 # Tests for mbedtls_ssl_get_bytes_avail()

 run_test    "mbedtls_ssl_get_bytes_avail: no extra data" \