Description of problem:
If the client sends only (MD5, RSA) in the signature algorithms in ClientHello (or any other combination not supported by the server), the server uses (SHA1, RSA) by default. This violates RFC 5246 (see bz1410573 for further details).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. start s_server
2. send ClientHello containing only (MD5, RSA) signature algorithm
3. look at signature algorithm used in ServerKeyExchange
Actual results:
(SHA1, RSA) is used
Expected results:
Connection is aborted.
This is already fixed in openssl-1.0.2j-1.fc24
*** This bug has been marked as a duplicate of bug 1276310 ***
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
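
The selection rule the report relies on, as an added C example (not OpenSSL's code and not part of the bug report): when the `signature_algorithms` extension is absent, RFC 5246 has the server act as if {sha1, rsa} had been sent, but when it is present and shares no pair with the server, the handshake is aborted instead of falling back to SHA-1. `choose_sigalg`, `server_prefs` and the sample byte arrays are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 5246 section 7.4.1.4.1 code points for HashAlgorithm / SignatureAlgorithm. */
enum { HASH_MD5 = 1, HASH_SHA1 = 2, HASH_SHA256 = 4, SIG_RSA = 1 };
#define SIGALG_ABORT (-1) /* no usable pair: the handshake must be aborted */

/* Hypothetical server policy for an RSA certificate, in preference order. */
static const uint8_t server_prefs[][2] = {
    { HASH_SHA256, SIG_RSA }, { HASH_SHA1, SIG_RSA },
};

/* Constructed extension bodies: 2-byte list length, then {hash, sig} pairs. */
static const uint8_t md5_only[]    = { 0x00, 0x02, HASH_MD5, SIG_RSA };
static const uint8_t sha1_sha256[] = { 0x00, 0x04, HASH_SHA1, SIG_RSA,
                                       HASH_SHA256, SIG_RSA };

/* ext is the signature_algorithms extension body, or NULL when the client
 * sent no such extension. Returns (hash << 8 | sig) or SIGALG_ABORT. */
int choose_sigalg(const uint8_t *ext, size_t ext_len)
{
    size_t list_len, i, p;

    /* Extension absent: behave as if the client had sent {sha1, rsa}. */
    if (ext == NULL)
        return (HASH_SHA1 << 8) | SIG_RSA;

    /* Extension present: check framing (at least one complete pair). */
    if (ext_len < 4)
        return SIGALG_ABORT;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len != ext_len - 2 || list_len % 2 != 0)
        return SIGALG_ABORT;

    /* Only a pair the client listed may be used; no fallback to SHA-1. */
    for (p = 0; p < sizeof(server_prefs) / sizeof(server_prefs[0]); p++)
        for (i = 2; i + 1 < ext_len; i += 2)
            if (ext[i] == server_prefs[p][0] && ext[i + 1] == server_prefs[p][1])
                return (ext[i] << 8) | ext[i + 1];
    return SIGALG_ABORT;
}

int main(void)
{
    printf("absent: 0x%04x\n", (unsigned)choose_sigalg(NULL, 0));
    printf("sha1+sha256: 0x%04x\n", (unsigned)choose_sigalg(sha1_sha256, sizeof sha1_sha256));
    printf("md5 only: %d\n", choose_sigalg(md5_only, sizeof md5_only));
    return 0;
}
```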