Hi,
RFC8446:
=================================================
4.2.3. Signature Algorithms
[...]
- Implementations that advertise support for RSASSA-PSS (which is
mandatory in TLS 1.3) MUST be prepared to accept a signature using
that scheme even when TLS 1.2 is negotiated. In TLS 1.2,
RSASSA-PSS is used with RSA cipher suites.
=================================================
The above paragraph gives me an impression that, in TLSv1.2, if
CertificateRequest message advertise 0x0804, then the client can sign
the CertificateVerify message with 0x0804 if client cert is RSA.
0x0804 = rsa_pss_rsae_sha256
Can some one please confirm whether my understanding is correct?
with regards,
Saravanan
On Wed, 21 Nov 2018 at 00:27, M K Saravanan <mksa...@gmail.com> wrote:
>
> Hi,
>
> If a TLSv1.2 Certificate Request message contains 0x0804
> (rsa_pss_rsae_sha256) as one of the supported signature algorithms,
> can a client sign the CertificateVerify message using that algorithm?
> (client cert is RSA). Is it allowed in TLSv1.2?
>
> with regards,
> Saravanan
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
