@@ -11079,25 +11079,27 @@ run_fs() {
1107911079 # A few servers get confused if the signature_algorithms extension contains too many entries. So:
1108011080 # * For TLS 1.3, break the list into two and test each half separately.
1108111081 # * For TLS 1.2, generally limit the signature_algorithms extension to algorithms that are consistent with the key type.
11082+ # At least one server gets confused if RSA+MD5 is offered first. So, the ordering is reversed so that the strongest
11083+ # options appear in $sigalgs_to_test first.
1108211084 for hexc in "${sigalgs_hex[@]}"; do
1108311085 if [[ "$proto" == 04* ]]; then
1108411086 if ! "${tls13_supported_sigalgs[i]}"; then
1108511087 if [[ "${proto##*-}" == 01 ]]; then
11086- [[ $i -le 16 ]] && sigalgs_to_test+ =", $hexc"
11088+ [[ $i -le 16 ]] && sigalgs_to_test=", $hexc$sigalgs_to_test "
1108711089 else
11088- [[ $i -gt 16 ]] && sigalgs_to_test+ =", $hexc"
11090+ [[ $i -gt 16 ]] && sigalgs_to_test=", $hexc$sigalgs_to_test "
1108911091 fi
1109011092 fi
1109111093 elif ! "${tls12_supported_sigalgs[i]}"; then
1109211094 if [[ "$proto" =~ rsa ]]; then
1109311095 if [[ "${hexc:3:2}" == 01 ]] || [[ "${hexc:0:2}" == 08 ]]; then
11094- sigalgs_to_test+ =", $hexc"
11096+ sigalgs_to_test=", $hexc$sigalgs_to_test "
1109511097 fi
1109611098 elif [[ "$proto" =~ dss ]]; then
11097- [[ "${hexc:3:2}" == 02 ]] && sigalgs_to_test+ =", $hexc"
11099+ [[ "${hexc:3:2}" == 02 ]] && sigalgs_to_test=", $hexc$sigalgs_to_test "
1109811100 else
1109911101 if [[ "${hexc:3:2}" == 03 ]] || [[ "${hexc:0:2}" == 08 ]]; then
11100- sigalgs_to_test+ =", $hexc"
11102+ sigalgs_to_test=", $hexc$sigalgs_to_test "
1110111103 fi
1110211104 fi
1110311105 fi
0 commit comments