
Security Newbie, I'm using OpenSSL for my client, and noticed that when testing it against Bad ssl's sha1-intermediate test, it accepts it although the agreed upon cipher is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f). I had to set the security level for OpenSSL to 2 using SSL_CTX_get_security_level in order to block this.

By examining the Wireshark data for Bad ssl's sha1-intermediate test, I saw that the leaf certificate is signed with sha256WithRSAEncryption, and the intermediate certificate is signed with sha1WithRSAEncryption (as stated in the algorithmIdentifier section).

As far as I understand, signing the intermediate certificate with sha1 does not comply with the cipher suite agreed upon in the initial stage of the TLS handshake.

Does this mean that the cipher suite only applies to the leaf certificate, and for blocking the sha1 intermediate certificate I have to use OpenSSL's security level feature?

Thanks in advance, David.

david-hoze
  • TLS cipher suites are completely different things than what certificates are signed with. Why do you think they should have anything in common? – Joseph Sible-Reinstate Monica Mar 19 '20 at 16:56
  • Well, sorry, I'm a newbie.. Wrong assumption.. Maybe it has to do with [SSL_CTX_set1_client_sigalgs](https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set1_client_sigalgs.html) and not [SSL_CTX_set_cipher_list](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_cipher_list.html). I'll try that path. Thank you :) – david-hoze Mar 19 '20 at 17:08
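
An added example (not part of the original post or comments): each certificate in a chain carries its own signature algorithm in the outer `signatureAlgorithm` field, the algorithmIdentifier seen in the capture, so a chain can be audited for SHA-1 signatures separately from the negotiated cipher suite. The two "certificates" below are constructed DER skeletons (empty tbsCertificate and signature), and the function names are hypothetical.

```python
# Added example: read the outer signatureAlgorithm OID of each certificate in a chain.
SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
WEAK = {"sha1WithRSAEncryption"}

def read_tlv(buf, off):
    """Return (tag, content_start, content_end) of the DER element at off."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form: low 7 bits = number of length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def decode_oid(body):
    """Decode OID content bytes (first arc 0 or 1) into dotted notation."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                  # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, start, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = read_tlv(cert_der, start)        # skip tbsCertificate
    _, alg_start, _ = read_tlv(cert_der, tbs_end)    # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(cert_der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    oid = decode_oid(cert_der[oid_start:oid_end])
    return SIG_OIDS.get(oid, oid)

def audit_chain(chain):
    """Return (name, algorithm, is_weak) for every (name, der) pair."""
    return [(n, a, a in WEAK) for n, a in ((n, signature_algorithm(c)) for n, c in chain)]

def skeleton(last_arc):
    """Constructed sample: empty tbsCertificate, chosen algorithm OID, empty BIT STRING."""
    alg = bytes.fromhex("300d06092a864886f70d0101") + bytes([last_arc]) + b"\x05\x00"
    body = b"\x30\x00" + alg + b"\x03\x01\x00"
    return b"\x30" + bytes([len(body)]) + body

CHAIN = [("leaf", skeleton(0x0B)), ("intermediate", skeleton(0x05))]
```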

0 Answers