Changed the default value of the "ess_cert_id_alg" option

This is used to calculate the TSA's public key certificate identifier. The default algorithm is changed from sha1 to sha256. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21794)
author: olszomal <Malgorzata.Olszowka@stunnel.org> 2023-08-21 09:29:28 +0200
committer: Tomas Mraz <tomas@openssl.org> 2023-08-25 15:05:51 +0200
commit: 10536b7f5b07aab3dc9631e94a56258155a1d942 (patch)
tree: d0ca8d3c14e86775c69f3d15af5d4c10a590156c /apps/openssl.cnf
parent: 975f372a6f7ae20e0c4c55a930a6844f2585ee6d (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 5597d89a03..0d564d3ba5 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -330,8 +330,8 @@ tsa_name		= yes	# Must the TSA name be included in the reply?
 				# (optional, default: no)
 ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
 				# (optional, default: no)
-ess_cert_id_alg		= sha1	# algorithm to compute certificate
-				# identifier (optional, default: sha1)
+ess_cert_id_alg		= sha256	# algorithm to compute certificate
+				# identifier (optional, default: sha256)
 
 [insta] # CMP using Insta Demo CA
 # Message transfer
author	olszomal <Malgorzata.Olszowka@stunnel.org>	2023-08-21 09:29:28 +0200
committer	Tomas Mraz <tomas@openssl.org>	2023-08-25 15:05:51 +0200
commit	10536b7f5b07aab3dc9631e94a56258155a1d942 (patch)
tree	d0ca8d3c14e86775c69f3d15af5d4c10a590156c /apps/openssl.cnf
parent	975f372a6f7ae20e0c4c55a930a6844f2585ee6d (diff)