Re: rsa_pss_pss_*/rsa_pss_rsae_* and TLS_RSA_*/TLS_ECDHE_RSA_*

2018-06-19 23:11 GMT+08:00 Jakob Bohm <jb-openssl@xxxxxxxxxx>:
> On 19/06/2018 15:40, John Jiang wrote:
>> Using OpenSSL 1.1.1-pre7
>>
>> Please consider the following cases and handshaking results:
>> 1. rsa_pss_pss_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suite
>> Handshaking failed with no suitable cipher
>>
>> 2. rsa_pss_pss_256 certificate + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite
>> Handshaking succeeded.
>>
>> 3. rsa_pss_rsae_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suite
>> Handshaking succeeded.
>>
>> 4. rsa_pss_rsae_256 certificate + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite
>> Handshaking succeeded.
>>
>> Why did case 1 fail?
> The TLS_RSA_ cipher suites require that the premaster secret
> is encrypted with the RSA key in the server's certificate.
> But an rsa_pss_pss_256 certificate (have not seen that notation
> before) is probably a signing-only certificate, that says not
> to encrypt anything with its RSA key.
Why does rsa_pss_rsae_256 + TLS_RSA_* work?
It sounds like rsa_pss_pss_256 and rsa_pss_rsae_256 are the same signature scheme.

Thanks!
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
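
The distinction behind the four cases above, as an added example that is not part of the original thread or of OpenSSL: in RFC 8446 the rsa_pss_rsae_* and rsa_pss_pss_* schemes are the same RSASSA-PSS signature, but the first is used with a certificate key labelled rsaEncryption and the second with a key labelled id-RSASSA-PSS, and only an rsaEncryption key may decrypt the premaster secret in a TLS_RSA_* key exchange. The function names and the two SubjectPublicKeyInfo byte strings are constructed for illustration (dummy key bits), and the compatibility rule is a simplified model of the server-side check.

```python
# Added example. OIDs are the standard PKCS #1 ones; the SPKI blobs are
# constructed with a dummy 1-byte BIT STRING instead of a real RSA key.
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"   # rsaEncryption
RSASSA_PSS = "1.2.840.113549.1.1.10"      # id-RSASSA-PSS
RSAE_SPKI = bytes.fromhex("3013" "300d06092a864886f70d0101010500" "03020000")
PSS_SPKI = bytes.fromhex("3011" "300b06092a864886f70d01010a" "03020000")

def read_tlv(buf, pos=0):
    """Return (tag, value) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length]

def decode_oid(value):
    """Decode the content bytes of a DER OBJECT IDENTIFIER."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)      # base-128, high bit = continue
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def spki_algorithm(spki_der):
    """OID from SubjectPublicKeyInfo -> AlgorithmIdentifier -> algorithm."""
    _, spki = read_tlv(spki_der)
    _, alg_id = read_tlv(spki)
    tag, oid = read_tlv(alg_id)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(oid)

def pss_scheme_family(spki_der):
    """TLS 1.3 PSS scheme family this key signs under."""
    return {RSA_ENCRYPTION: "rsa_pss_rsae", RSASSA_PSS: "rsa_pss_pss"}[spki_algorithm(spki_der)]

def handshake_possible(spki_der, cipher_suite):
    """Simplified model: can this key serve the suite's key exchange?"""
    oid = spki_algorithm(spki_der)
    if cipher_suite.startswith("TLS_RSA_"):        # key decrypts the premaster secret
        return oid == RSA_ENCRYPTION
    if cipher_suite.startswith("TLS_ECDHE_RSA_"):  # key only signs the ECDHE parameters
        return oid in (RSA_ENCRYPTION, RSASSA_PSS)
    raise ValueError("suite outside the scope of this example")
```
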
