Use better defaults for TSA.

Use SHA256 for TSA and setted permitted digests to a sensible value. Based on PR#4141 Reviewed-by: Matt Caswell <matt@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-11-19 15:50:15 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2015-11-20 13:40:53 +0000
commit: 2cc7acd273bc39f1360aed52400d18bb65b88a95 (patch)
tree: 1b18d8ea7223e4d5919d8927cca4978755070636 /apps/openssl.cnf
parent: e20b47275109aafc559446d731e6baad4a1f55d1 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 473c884514..53c4bef044 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -335,11 +335,11 @@ signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
 certs		= $dir/cacert.pem	# Certificate chain to include in reply
 					# (optional)
 signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
-signer_digest  = sha1			# Signing digest to use. (Optional)
+signer_digest  = sha256			# Signing digest to use. (Optional)
 default_policy	= tsa_policy1		# Policy if request did not specify it
 					# (optional)
 other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
-digests		= md5, sha1		# Acceptable message digests (mandatory)
+digests     = sha1, sha256, sha384, sha512  # Acceptable message digests (mandatory)
 accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
 clock_precision_digits  = 0	# number of digits after dot. (optional)
 ordering		= yes	# Is ordering defined for timestamps?
author	Dr. Stephen Henson <steve@openssl.org>	2015-11-19 15:50:15 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2015-11-20 13:40:53 +0000
commit	2cc7acd273bc39f1360aed52400d18bb65b88a95 (patch)
tree	1b18d8ea7223e4d5919d8927cca4978755070636 /apps/openssl.cnf
parent	e20b47275109aafc559446d731e6baad4a1f55d1 (diff)