CMS Encryption

I am working with a partner that uses API mendelson AS2 Server 2017 build 272

They are seeing this error when they try and read our MDN:
"The signing process does not use the Algorithm Identifier Protection Attribute as defined in the configuration - this is insecure!"

Is there a setting somewhere related to CMS encryption? We are both using x.509 certificates but for some reason the client is expecting to see the Algorithm Identifier Protection Attribute which as far as I know is only applicable to CMS.

TIA.

Foren
AS2

Comments