On 2020-05-08, openbsdli...@uninformativ.de <openbsdli...@uninformativ.de> wrote: > It only fails with gnutls, so I first reported it there: > > https://gitlab.com/gnutls/gnutls/-/issues/984 > > However, Daiki Ueno said it looks like an issue with LibreSSL. Quoting > in full: > >> This looks like an issue in the server side (LibreSSL). In TLS 1.3, >> non-PSS RSA signature schemes have been removed, while the server >> seems to sign the Certificate Verify message with RSA-SHA256, which is >> not permitted. > > I'm not really an expert on TLS or cryptography, so no idea what's going > on, which is why I'm reporting it on misc first. :-) > > Should this be reported to libre...@openbsd.org?
To save antone else time lookong: this is fixed, see beck@'s comment on the gitlab ticket.
