Hi - New here so hopefully I can word this succinctly. I’m also relatively new to Python, but not new to coding in general.
I am looking into an application that has a static programmed set of openssl Signature Algorithms:
```python
import ssl

from .ssl_context_configurator.ssl_context_configurator import SSLContextConfigurator

ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
ssl_context.load_default_certs()
ssl_context.set_ciphers("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-S ..tuncated..")

SSL_SIGNATURE_ALGORITHMS = [
    "ecdsa_secp256r1_sha256",
    "rsa_pss_rsae_sha256",
    "rsa_pkcs1_sha256",
    "ecdsa_secp384r1_sha384",
    "rsa_pss_rsae_sha384",
    "rsa_pkcs1_sha384",
    "rsa_pss_rsae_sha512",
    "rsa_pkcs1_sha512",
    "rsa_pkcs1_sha1",
]

# Apply the colon-separated signature algorithm list to the context
with SSLContextConfigurator(ssl_context, libssl_path="libssl.so.3") as ssl_context_configurator:
    ssl_context_configurator.configure_signature_algorithms(":".join(SSL_SIGNATURE_ALGORITHMS))
```
What I want to do is extract the signature algorithm from the server certificate. I have looked at this code from answer 1 here.
I get the result:
```
sha256WithRSAEncryption
```
How can I relate that to a specific Python Signature Algorithm (for example, like the ones in the above list) to detect if that algorithm is supported by default or needs adding?
Looking at
```python
SSL_SIGNATURE_ALGORITHMS = [
    "ecdsa_secp256r1_sha256",
    "rsa_pss_rsae_sha256",
    "rsa_pkcs1_sha256",
    "ecdsa_secp384r1_sha384",
    "rsa_pss_rsae_sha384",
    "rsa_pkcs1_sha384",
    "rsa_pss_rsae_sha512",
    "rsa_pkcs1_sha512",
    "rsa_pkcs1_sha1",
]
```
There appear to be these that are candidates:
```python
"rsa_pss_rsae_sha256",
"rsa_pkcs1_sha256",
```
I’ve tried to google, but in this instance my skills appear to be weak.
If someone could point me in the correct direction I would be grateful.
Kind regards,
Steve