On Tue, Nov 12, 2019 at 03:08:19PM -0700, Phil Neumiller wrote:
> I find the comment below about TLS 1.3 troubling.
[...]
> *    /*
>      * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
>      * for TLSv1.2 for now until we add a new API.
>      */*
>     SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
>
>     if (testctx) {
>         int ret;
>
>         if (curr->list != NULL)
>             ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
>         else
>             ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);

I don't.

From SSL_CTX_set1_sigalgs.pod:

% The TLS 1.3 signature scheme names (such as "rsa_pss_pss_sha256") can also
% be used with the B<_list> forms of the API.

The TLS 1.3 schemes don't decompose into SIG+HASH, so this is just a
constraint inherent to the old API, not a bug.

-Ben
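An added illustration of the "don't decompose into SIG+HASH" point (not part of the original message and not OpenSSL code): it reads a few TLS 1.3 SignatureScheme code points as TLS 1.2 (hash byte, signature byte) pairs and reports which ones have such a form. The helper names `scheme_code` and `split_pair` are hypothetical; the code points are those of RFC 8446 and the registries those of RFC 5246.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TLS 1.2 registries (RFC 5246, 7.4.1.4.1); the array index is the wire value. */
static const char *const HASHES[] = { "none", "MD5", "SHA1", "SHA224",
                                      "SHA256", "SHA384", "SHA512" };
static const char *const SIGS[] = { "anonymous", "RSA", "DSA", "ECDSA" };

/* A few TLS 1.3 SignatureScheme code points (RFC 8446, 4.2.3). */
struct scheme { const char *name; uint16_t code; };
static const struct scheme SCHEMES[] = {
    { "ecdsa_secp256r1_sha256", 0x0403 },
    { "rsa_pss_rsae_sha256",    0x0804 },
    { "ed25519",                0x0807 },
    { "rsa_pss_pss_sha256",     0x0809 },
};
#define N_SCHEMES (sizeof SCHEMES / sizeof SCHEMES[0])

/* Hypothetical helper: wire code point for a scheme name, 0 if not in the table. */
uint16_t scheme_code(const char *name)
{
    for (size_t i = 0; i < N_SCHEMES; i++)
        if (strcmp(SCHEMES[i].name, name) == 0)
            return SCHEMES[i].code;
    return 0;
}

/* Hypothetical helper: read a code point as a TLS 1.2 (hash, sig) byte pair.
 * Returns 1 and sets *sig / *hash, or 0 if either byte is outside the registries. */
int split_pair(uint16_t code, const char **sig, const char **hash)
{
    unsigned h = code >> 8, s = code & 0xff;
    if (h >= sizeof HASHES / sizeof HASHES[0] || s >= sizeof SIGS / sizeof SIGS[0])
        return 0;
    *hash = HASHES[h];
    *sig = SIGS[s];
    return 1;
}

int main(void)
{
    for (size_t i = 0; i < N_SCHEMES; i++) {
        const char *sig, *hash;
        if (split_pair(SCHEMES[i].code, &sig, &hash))
            printf("%-24s 0x%04x  %s+%s\n", SCHEMES[i].name, SCHEMES[i].code, sig, hash);
        else
            printf("%-24s 0x%04x  no SIG+HASH form\n", SCHEMES[i].name, SCHEMES[i].code);
    }
    return 0;
}
```

Only `ecdsa_secp256r1_sha256` shares its bytes with a TLS 1.2 pair (ECDSA+SHA256), and in TLS 1.3 that scheme additionally fixes the curve; the PSS and EdDSA schemes have no pair form at all.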