You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → wolfSSL → Overriding signature algorithms (not ciphers!)
Greetings,
I wonder whether wolfSSL allows for overriding the list of supported signature algorithms. My use case is integration of a crypto device that doesn't support RSA-PSS, and also the same device doesn't support signing sha512 hashes (don't ask why 
). So I need to exclude psa_pss_rsae_sha256 and rsa_pkcs1_sha512 from the list of advertised algorithms. What would be the best way to do that?
Thanks in advance!
Hi Oytis,
Just disable them and they won't be broadcast for example:
./configure --disable-rsapss --disable-sha512 --disable-sha384(sha384 is truncated sha512 so should be disabled also).
Cheers,
KH
Hi Kaleb,
thank you for your answer. That is the option I've been using so far. I believe it could be beneficial to be able to set the list in runtime instead of build time. This solves the problem in the short term though.
Thanks!
Hi Oytis,
I see, unfortunately at this time we do not have a run time option. Can you provide a brief summary of your use case and why it would be beneficial to have a run time option? I would happy to add it to our list of internal feature requests and just need something to put in the notes for why it would be useful to have an optional run-time switch as opposed to just supported/not supported build time option.
Warmest Regards,
KH
wolfSSL - Embedded SSL Library → wolfSSL → Overriding signature algorithms (not ciphers!)
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.016 seconds (89% PHP - 11% DB) with 11 queries