Clarify PSS sigalg entry

If my understanding is correct (to be confirmed in review), this is a new
feature which was not particularly desired on its own but was the simplest
way to fix an interoperability issue in TLS 1.2 caused accidentally by
the work on TLS 1.3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2022-11-29 22:56:35 +01:00
parent 29a56a1251
commit 6593c7e1cb

@ -1,8 +1,8 @@
Features Features
* When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate * Support rsa_pss_rsae_* signature algorithms in TLS 1.2.
declaring an RSA public key and Mbed TLS is configured in hybrid mode, if Bugfix
`rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then * Fix an interoperability failure between an Mbed TLS client with both
the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm TLS 1.2 and TLS 1.3 support, and a TLS 1.2 server such as GnuTLS or
for its signature in the key exchange message. As Mbed TLS 1.2 does not OpenSSL that supports rsa_pss_rsae_* signature algorithms. This failed
support them, the handshake fails. Add `rsa_pss_rsae_*` support for TLS 1.2 because Mbed TLS supported PSS only in TLS 1.3, but advertised support
to resolve the compitablity issue. in TLS 1.2 as well.
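Review bot: the rewritten Bugfix entry loses the triggering condition that the old Features text carried: the handshake only failed when the server actually picked an `rsa_pss_rsae_*` algorithm for its key exchange signature, which the old entry tied to those algorithms preceding `rsa_pkcs1_*` in the advertised list. Consider keeping a short clause such as "...when the server selects one of these algorithms for its key exchange signature" so users can tell whether their configuration was affected. Minor style point in the same hunk: the old entry wrapped `rsa_pss_rsae_*` in backticks, the new Features and Bugfix entries do not; pick one convention for the changelog.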