Type: New Feature
Affects Version/s: None
Fix Version/s: EJBCA 6.1.0
RFC6960 has a new client extension for requesting algorithm selection.
o Section 4.4.7 specifies a new extension that may be included in a
request message to specify signature algorithms the client would
prefer the server use to sign the response as specified in
We should improve the OCSP responder's signature algorithm selection. There are available signature algorithms, and if the client requests a specific signature algorithm and it is consistent with the signature keys, it should be used.
If the client-requested signature algorithm is not among the available algorithms (currently configured in ocsp.properties), or is not consistent with the signature key (e.g. an RSA algorithm for ECC keys), the default selection (same criteria as today) should be used.
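
A sketch of the selection rule described above, as an added example that is not EJBCA's own code. It assumes the client's preferred algorithms have already been mapped from OIDs to JCA-style names, that the configured list is a semicolon-separated string (constructed here), and that the default is the first configured algorithm that fits the key; the class and method names are hypothetical.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

public class OcspSigAlgSelection {

    /** True if a JCA-style name such as "SHA256withRSA" matches the signing key type. */
    static boolean consistentWithKey(String sigAlg, PublicKey key) {
        String alg = sigAlg.toUpperCase(Locale.ROOT);
        switch (key.getAlgorithm()) {            // as reported by the standard JCA providers
            case "RSA": return alg.endsWith("WITHRSA");
            case "EC":  return alg.endsWith("WITHECDSA");
            case "DSA": return alg.endsWith("WITHDSA");
            default:    return false;
        }
    }

    /** Client preference wins only if it is configured AND fits the key; otherwise default. */
    static String select(List<String> clientPreferred, List<String> available, PublicKey key) {
        for (String wanted : clientPreferred) {  // request order is preference order
            for (String a : available) {
                if (a.equalsIgnoreCase(wanted) && consistentWithKey(a, key)) {
                    return a;
                }
            }
        }
        // Assumed default rule: first configured algorithm that fits the key.
        for (String a : available) {
            if (consistentWithKey(a, key)) {
                return a;
            }
        }
        throw new IllegalStateException("No configured algorithm fits a " + key.getAlgorithm() + " key");
    }

    public static void main(String[] args) throws Exception {
        // Constructed configuration value; the real list comes from ocsp.properties.
        List<String> available = Arrays.asList("SHA256WithRSA;SHA256withECDSA;SHA1WithDSA".split(";"));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        PublicKey ecKey = kpg.generateKeyPair().getPublic();

        System.out.println(select(Arrays.asList("SHA256withECDSA"), available, ecKey)); // configured, fits key
        System.out.println(select(Arrays.asList("SHA256withRSA"), available, ecKey));   // RSA on ECC key: default
        System.out.println(select(Arrays.asList("SHA384withECDSA"), available, ecKey)); // not configured: default
    }
}
```

Because the request can only pick from the responder's configured list, a client cannot push the responder onto an algorithm the operator has not enabled.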