> On Jun 7, 2019, at 12:07 PM, Hubert Kario <hkario@xxxxxxxxxx> wrote:
>
> OTOH, the practice in TLS 1.2, and behaviour codified in the TLS 1.3 RFC, is that
> if you have just one chain, give it to the client and let it sort out if it likes
> it or not

Absolutely. The text in RFC5246 is a specification overreach from TLS into X.509 that is counterproductive in practice. We should not implement the part of RFC5246 that would have the server fail the handshake when its certificate chain has *potentially* unsupported signatures. Deciding whether the chain is OK (or even looked at all) is up to the client.

--
Viktor.