5d2511c4d4
By default, keep allowing SHA-1 in key exchange signatures. Disabling it causes compatibility issues, especially with clients that use TLS1.2 but don't send the signature_algorithms extension. SHA-1 is forbidden in certificates by default, since it's vulnerable to offline collision-based attacks. |
||
---|---|---|
.. | ||
data_files | ||
scripts | ||
suites | ||
.gitignore | ||
CMakeLists.txt | ||
compat.sh | ||
Descriptions.txt | ||
Makefile | ||
ssl-opt.sh |