Hi,

I'm one of the maintainers of Python's ssl module. A couple of days ago Hanno Böck opened an issue [1] against the ssl.get_server_certificate() function [2][3]. It's a helper function to retrieve the end-entity certificate from a remote TLS/SSL server over an unverified connection. The implementation [3] is rather simple and has some limitations.

Hanno pointed out that it cannot handle servers with multiple certificate types. For example, Facebook supports RSA and ECDSA certs. Python's ssl.get_server_certificate() can only retrieve the ECDSA cert. It's fairly simple to fix the problem for TLS 1.2 and lower by limiting the cipher suites to "aRSA:!NULL" for RSA certs and "aECDSA:!NULL" for ECDSA certs [4]. However, this trick will not work with TLS 1.3. The new TLS 1.3 cipher suites no longer specify an authentication algorithm or key agreement/exchange. The TLS 1.3 RFC specifies a signature_algorithms extension [5]. I could not find any API call in OpenSSL master to set the extension for TLS 1.3 handshakes.

How can a client enforce a specific authentication algorithm or set of signature algorithms for a TLS 1.3 handshake?

Regards,
Christian

[1] https://bugs.python.org/issue31892
[2] https://docs.python.org/3/library/ssl.html#ssl.get_server_certificate
[3] https://github.com/python/cpython/blob/v3.6.2/Lib/ssl.py#L1201-L1218
[4] https://gist.github.com/tiran/6e7a5b00483376e164c951730db7d4e5
[5] https://tools.ietf.org/html/draft-ietf-tls-tls13-21#section-4.2.3

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
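A worked version of the TLS 1.2 workaround described in the post, as an added example that is not part of the original message or of CPython's ssl module: it builds an unverified client context limited to one certificate type via the "aRSA:!NULL" / "aECDSA:!NULL" cipher strings and, because a cipher string cannot constrain TLS 1.3 suites, also caps the connection at TLS 1.2 with SSLContext.maximum_version (Python 3.7+; that cap is my addition, not something the post proposes). The function names are mine; the Facebook host in the usage block is the one the post mentions.

```python
import socket
import ssl

# OpenSSL cipher strings that keep only suites authenticated with one key
# type. They only influence TLS <= 1.2; TLS 1.3 suites carry no auth
# algorithm and are left untouched by set_ciphers().
CIPHERS_BY_KEY_TYPE = {
    "RSA": "aRSA:!NULL",
    "ECDSA": "aECDSA:!NULL",
}


def make_context(key_type):
    """Unverified client context that offers only `key_type` suites.

    Capping at TLS 1.2 (assumption added here) is what makes the cipher
    restriction effective; otherwise a TLS 1.3 server may negotiate a TLS 1.3
    suite and present whichever certificate it prefers.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE   # we only want to fetch the cert
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(CIPHERS_BY_KEY_TYPE[key_type])  # raises if nothing matches
    return ctx


def offered_auth_algorithms(ctx):
    """Authentication algorithms of the TLS <= 1.2 suites ctx will offer.

    TLS 1.3 suites are skipped because get_ciphers() reports them as
    'auth-any', which is exactly the limitation the post describes.
    """
    return {c["auth"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def get_server_certificate(addr, key_type, timeout=10.0):
    """Return the PEM end-entity certificate of `key_type` from (host, port)."""
    host, _port = addr
    ctx = make_context(key_type)
    with socket.create_connection(addr, timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return ssl.DER_cert_to_PEM_cert(der)


if __name__ == "__main__":
    for kt in ("RSA", "ECDSA"):
        try:
            pem = get_server_certificate(("www.facebook.com", 443), kt)
            print(kt, "->", pem.splitlines()[0], "...")
        except ssl.SSLError as exc:  # server has no cert of this type
            print(kt, "-> handshake failed:", exc)
```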