On Fri, Oct 22, 2021 at 05:55:41PM +, Salz, Rich wrote:
> >So if OpenSSL client connects to server that supports PSS but not
> >TLS 1.3, the connection will fail because the client vomits at the
> >server response?
>
> I *think* it will fail cleanly because it gets an ALERT message
>So if OpenSSL client connects to server that supports PSS but not
TLS 1.3, the connection will fail because the client vomits at the
server response?
I *think* it will fail cleanly because it gets an ALERT message, but I am not
sure. I am no longer involved with OpenSSL, I just did a
On Fri, Oct 22, 2021 at 04:50:05PM +, Salz, Rich wrote:
> > This has been my impression, too, but we want to check with the
> > list.
>
> OpenSSL has a comment "/* Only allow PSS for TLS 1.3 */" and it looks
> like the code (tls12_check_peer_sigalg() in ssl/t1_lib.c) enforces
> that.
So i
> This has been my impression, too, but we want to check with the list.
OpenSSL has a comment "/* Only allow PSS for TLS 1.3 */" and it looks like the
code (tls12_check_peer_sigalg() in ssl/t1_lib.c) enforces that.
___
Uta mailing list
Uta@ietf.org
On 10/22/21 10:39 AM, Salz, Rich wrote:
Well, we've been thinking specifically about whether to recommend PSS
for TLS 1.2 implementations and deployments. Naturally you get PSS for
free if you've upgraded to TLS 1.3, but do we want to say that if you
haven't upgraded to TLS 1.
>Well, we've been thinking specifically about whether to recommend PSS
for TLS 1.2 implementations and deployments. Naturally you get PSS for
free if you've upgraded to TLS 1.3, but do we want to say that if you
haven't upgraded to TLS 1.3 yet you should update your TLS 1.2
On 10/21/21 6:15 PM, Martin Thomson wrote:
You want to separate the use of PSS in the protocol from PSS in certificates.
Right now, certificates do not routinely include SPKI with PSS OIDs or PSS
signatures. Those are poorly supported. For example, in Firefox we have most
of the necessary su
Peter Saint-Andre writes:
>What is the sense of the WG about saying in 7525bis that support for RSASSA-
>PSS should or should not be RECOMMENDED for TLS 1.2?
Seems like a really bad idea. TLS, back to at least SSLv2 25 yeas ago, has
always done PKCS#1v1.5 RSA, not PSS. I get that TLS 1.3 wants
