From 6593c7e1cba6a846906fb01785739d875a3d4e74 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Nov 2022 22:56:35 +0100 Subject: [PATCH] Clarify PSS sigalg entry If my understanding is correct (to be confirmed in review), this is a new feature which was not particularly desired on its own but was the simplest way to fix an interoperability issue in TLS 1.2 caused accidentally by the work on TLS 1.3. Signed-off-by: Gilles Peskine --- ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt b/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt index f88eb9ed4..c87c3fbbf 100644 --- a/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt +++ b/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt @@ -1,8 +1,8 @@ Features - * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate - declaring an RSA public key and Mbed TLS is configured in hybrid mode, if - `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then - the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm - for its signature in the key exchange message. As Mbed TLS 1.2 does not - support them, the handshake fails. Add `rsa_pss_rsae_*` support for TLS 1.2 - to resolve the compitablity issue. + * Support rsa_pss_rsae_* signature algorithms in TLS 1.2. +Bugfix + * Fix an interoperability failure between an Mbed TLS client with both + TLS 1.2 and TLS 1.3 support, and a TLS 1.2 server such as GnuTLS or + OpenSSL that supports rsa_pss_rsae_* signature algorithms. This failed + because Mbed TLS supported PSS only in TLS 1.3, but advertised support + in TLS 1.2 as well.
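Review bot: The rewritten Bugfix bullet drops the triggering condition that the old text stated, namely that the failure only occurs when `rsa_pss_rsae_*` algorithms precede `rsa_pkcs1_*` ones in the signature algorithm list offered by Mbed TLS, which is what makes the GnuTLS/OpenSSL server pick a PSS signature in the key exchange; consider keeping that condition so readers can tell whether their configuration was affected, e.g. "... a TLS 1.2 server such as GnuTLS or OpenSSL that selects an rsa_pss_rsae_* signature algorithm when the client lists it before rsa_pkcs1_* ones." Also, the Bugfix bullet scopes the problem to an "Mbed TLS client" while the Features bullet ("Support rsa_pss_rsae_* signature algorithms in TLS 1.2") is not scoped to client or server; since the commit message itself flags the description as "to be confirmed in review", the reviewer should confirm which sides gained PSS support and align the two bullets accordingly.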