Hi,

c t browne <[email protected]> wrote:

I upgraded to version 5.63 on openssl 3.02 and received a CA signature
digest algorithm too week error. I tried setting the securityLevel to 2
and also to 1 and the error did not go away. I have no way to change the
certificate on the remove system.

OpenSSL 3 forbids SHA-1 signatures in security level 1 and above. Try
security level 0.

Note that SHA-1 is insecure, and collisions on SHA-1 signatures can probably
computed at less than 50k USD a piece [1], so you should contact whoever is
in charge of the remote system to move away from SHA-1.

 [1]: https://eprint.iacr.org/2020/014.pdf


HTH,
Clemens Lang