Add SHA-512 to BSI TLS policy's allowed sigatures hashes

author: René Korthaus <[email protected]> 2019-11-14 10:24:23 +0100
committer: René Korthaus <[email protected]> 2019-11-14 10:24:23 +0100
commit: 070d1cf60fab1e0eac46298c87c7093d733d81f1 (patch)
tree: bb43531ff7387acb454a5baa9e594271f39d1264 /src
parent: 9b01decb7f30a474cd6329811edcad54c2983a09 (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 3d9d02913..ca2c08606 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -425,7 +425,7 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy
 
       std::vector<std::string> allowed_signature_hashes() const override
          {
-         return std::vector<std::string>({"SHA-384", "SHA-256"});
+         return std::vector<std::string>({"SHA-512", "SHA-384", "SHA-256"});
          }
 
       std::vector<std::string> allowed_macs() const override
diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt
index af7b37d94..802c5c9b8 100644
--- a/src/tests/data/tls-policy/bsi.txt
+++ b/src/tests/data/tls-policy/bsi.txt
@@ -5,7 +5,7 @@ allow_dtls10 = false
 allow_dtls12 = false
 
 ciphers = AES-256/GCM AES-128/GCM AES-256 AES-128 AES-256/CCM AES-128/CCM
-signature_hashes = SHA-384 SHA-256
+signature_hashes = SHA-512 SHA-384 SHA-256
 macs = AEAD SHA-384 SHA-256
 key_exchange_methods = ECDH DH PSK ECDHE_PSK DHE_PSK
 signature_methods = ECDSA RSA DSA
author	René Korthaus <[email protected]>	2019-11-14 10:24:23 +0100
committer	René Korthaus <[email protected]>	2019-11-14 10:24:23 +0100
commit	070d1cf60fab1e0eac46298c87c7093d733d81f1 (patch)
tree	bb43531ff7387acb454a5baa9e594271f39d1264 /src
parent	9b01decb7f30a474cd6329811edcad54c2983a09 (diff)