From bc7f7090db96e35bfcf73da923be89cb0b15c0e9 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Fri, 16 Nov 2018 02:41:16 +0000
Subject: Unbreak legacy ciphers for prior to 1.1 by setting having a legacy
 sigalg for MD5_SHA1 and using it as the non sigalgs default ok jsing@

---
 src/lib/libssl/ssl_cert.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/lib/libssl/ssl_cert.c')

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 30bb74508d..e78335c5bb 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.70 2018/11/10 01:19:09 beck Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.71 2018/11/16 02:41:16 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -161,11 +161,11 @@ SSL_get_ex_data_X509_STORE_CTX_idx(void)
 static void
 ssl_cert_set_default_sigalgs(CERT *cert)
 {
-	/* Set digest values to defaults */
+	/* Set digest values to legacy defaults */
 	cert->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
-	    ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+	    ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
 	cert->pkeys[SSL_PKEY_RSA_ENC].sigalg =
-	    ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
+	    ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
 	cert->pkeys[SSL_PKEY_ECC].sigalg =
 	    ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
 #ifndef OPENSSL_NO_GOST
-- 
cgit v1.2.3-55-g6feb