Security Newbie,
I'm using OpenSSL for my client, and noticed that when testing it against badssl's sha1-intermediate test, it accepts it although the agreed-upon cipher is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f). I had to set the security level for OpenSSL to 2 using SSL_CTX_get_security_level in order to block this.

By examining the Wireshark data for badssl's sha1-intermediate test, I saw that the leaf certificate is signed with sha256WithRSAEncryption, and the intermediate certificate is signed with sha1WithRSAEncryption (as stated in the algorithmIdentifier section).

As far as I understand, signing the intermediate certificate with sha1 does not comply with the cipher suite agreed upon in the initial stage of the TLS handshake. Does this mean that the cipher suite only applies to the leaf certificate, and for blocking the sha1 intermediate certificate I have to use OpenSSL's security level feature?
Thanks in advance, David.
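Added example (not part of the question above, and not OpenSSL's or badssl's own code): the SHA256 suffix in TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 names the TLS 1.2 PRF/HMAC hash, not the hash the CA used to sign any certificate in the chain, so the cipher suite never constrains the chain's signature algorithms. The digest used for each certificate lives in that certificate's outer signatureAlgorithm field (RFC 5280 section 4.1.1.2), which is what OpenSSL's security level checks during chain verification. The script below walks a PEM chain with a minimal DER reader and reports each certificate's signature algorithm, flagging SHA-1. It runs on a real bundle (for instance what `openssl s_client -showcerts` prints); the two-certificate sample embedded here is a constructed stub chain built with a tiny DER encoder so the script runs offline, and it contains no real keys or signatures.

```python
"""Report the signatureAlgorithm of every certificate in a PEM chain."""
import base64
import re

# Dotted OID -> name for the signatureAlgorithm field (RFC 5280 s.4.1.1.2)
SIG_ALG_NAMES = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
}
WEAK_SIG_ALGS = {"sha1WithRSAEncryption", "ecdsa-with-SHA1"}


def read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos:]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    """Turn DER OID content bytes into dotted-decimal form."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends the current arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(der):
    """Return the OID from Certificate.signatureAlgorithm: the algorithm the
    issuer used to sign this certificate (the outer field, not the tbs one)."""
    tag, cert, _ = read_tlv(der, 0)
    assert tag == 0x30, "Certificate must be a SEQUENCE"
    _, _tbs, pos = read_tlv(cert, 0)          # skip tbsCertificate
    tag, alg_id, _ = read_tlv(cert, pos)      # AlgorithmIdentifier SEQUENCE
    assert tag == 0x30, "AlgorithmIdentifier must be a SEQUENCE"
    tag, oid, _ = read_tlv(alg_id, 0)
    assert tag == 0x06, "AlgorithmIdentifier must start with an OID"
    return decode_oid(oid)


def audit_chain(pem_text):
    """Return [(index, algorithm_name, is_weak), ...] for each PEM certificate."""
    blocks = re.findall(
        r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem_text, re.S)
    result = []
    for i, b64 in enumerate(blocks):
        der = base64.b64decode("".join(b64.split()))
        name = SIG_ALG_NAMES.get(signature_algorithm(der), "unknown")
        result.append((i, name, name in WEAK_SIG_ALGS))
    return result


# --- constructed sample chain (demo input only, not a real certificate) ----
def tlv(tag, content):
    assert len(content) < 128, "stub uses short-form lengths only"
    return bytes([tag, len(content)]) + content


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk, a = [a & 0x7F], a >> 7
        while a:
            chunk.append((a & 0x7F) | 0x80)
            a >>= 7
        out += bytes(reversed(chunk))
    return out


def stub_cert(sig_oid):
    """Skeleton Certificate: empty tbsCertificate, real AlgorithmIdentifier,
    empty signature BIT STRING. Just enough structure to exercise the parser."""
    alg = tlv(0x30, tlv(0x06, encode_oid(sig_oid)) + tlv(0x05, b""))
    der = tlv(0x30, tlv(0x30, b"") + alg + tlv(0x03, b"\x00"))
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


SAMPLE_CHAIN = (stub_cert("1.2.840.113549.1.1.11")   # leaf: sha256WithRSA
                + stub_cert("1.2.840.113549.1.1.5"))  # intermediate: sha1WithRSA

if __name__ == "__main__":
    for idx, name, weak in audit_chain(SAMPLE_CHAIN):
        print(f"cert[{idx}] signatureAlgorithm={name}{'  <-- weak' if weak else ''}")
```

On a captured chain the second entry would show the intermediate carrying sha1WithRSAEncryption while the leaf carries sha256WithRSAEncryption; that is the field a security level of 2 (or `openssl verify -auth_level 2`) rejects, independently of which cipher suite the handshake negotiated.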