diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-11-19 15:50:15 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-11-20 13:40:53 +0000 |
commit | 2cc7acd273bc39f1360aed52400d18bb65b88a95 (patch) | |
tree | 1b18d8ea7223e4d5919d8927cca4978755070636 /test | |
parent | e20b47275109aafc559446d731e6baad4a1f55d1 (diff) |
Use better defaults for TSA.
Use SHA256 for TSA and setted permitted digests to a sensible value.
Based on PR#4141
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'test')
-rw-r--r-- | test/CAtsa.cnf | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/test/CAtsa.cnf b/test/CAtsa.cnf index 95a21f98b8..ab2f84aa0f 100644 --- a/test/CAtsa.cnf +++ b/test/CAtsa.cnf @@ -35,7 +35,7 @@ private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file default_days = 365 # how long to certify for -default_md = sha1 # which md to use. +default_md = sha256 # which md to use. preserve = no # keep passed DN ordering policy = policy_match @@ -132,11 +132,11 @@ signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate certs = $dir/tsaca.pem # Certificate chain to include in reply # (optional) signer_key = $dir/tsa_key1.pem # The TSA private key (optional) -signer_digest = sha1 # Signing digest to use. (Optional) +signer_digest = sha256 # Signing digest to use. (Optional) default_policy = tsa_policy1 # Policy if request did not specify it # (optional) other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = md5, sha1 # Acceptable message digests (mandatory) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) accuracy = secs:1, millisecs:500, microsecs:100 # (optional) ordering = yes # Is ordering defined for timestamps? # (optional, default: no) @@ -156,8 +156,8 @@ signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply # (optional) signer_key = $dir/tsa_key2.pem # The TSA private key (optional) -signer_digest = sha1 # Signing digest to use. (Optional) +signer_digest = sha256 # Signing digest to use. (Optional) default_policy = tsa_policy1 # Policy if request did not specify it # (optional) other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = md5, sha1 # Acceptable message digests (mandatory) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) |