Hi! I am trying to find an authoritative explanation for some aspects of RFC 5246 (TLS 1.2). I hope this is the right place to ask.
Background: Company A has the client/browser and company B has the web server. The server has a certificate and it also requires a certificate from the client. The client does not advertise signature_algorithm ECDSA/SHA512 in its client hello. The server supports signature_algorithm ECDSA/SHA512 by default, but it does not send it to the client in the certificate request message because it is not advertised in the client hello! (Communication fails.)

* Company B says that this is the correct implementation of RFC 5246 - only the signature algorithms common to both parties must be included in the signature_algorithms extension in the certificate request message!
* Company A says that in a correct implementation of RFC 5246 all signature_algorithms supported by the server must be included in the certificate request message (and the client hello has nothing to do with the certificate request message)!

Can you please share your opinion/understanding with me? Or point me in the right direction?

Thanks!
Urmas
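A diagnostic sketch for the situation described above, added here as an example and not part of the original post: it decodes the signature_algorithms extension data from a ClientHello and the body of a TLS 1.2 CertificateRequest (field layout per RFC 5246) and reports where ECDSA/SHA512 appears in each. The function names and the sample bytes are constructed for illustration.

```python
import struct

# HashAlgorithm and SignatureAlgorithm code points from RFC 5246, section 7.4.1.4.1
HASH = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}

def parse_sig_algs(buf):
    """Decode a supported_signature_algorithms vector: 2-byte length, then (hash, sig) pairs."""
    if len(buf) < 2:
        raise ValueError("truncated vector length")
    (n,) = struct.unpack_from("!H", buf, 0)
    if n % 2 or len(buf) < 2 + n:
        raise ValueError("bad vector length")
    names = [f"{SIG.get(buf[i + 1], buf[i + 1])}/{HASH.get(buf[i], buf[i])}"
             for i in range(2, 2 + n, 2)]
    return names, 2 + n  # decoded pairs and bytes consumed

def parse_certificate_request(body):
    """Decode a TLS 1.2 CertificateRequest body (handshake header already stripped)."""
    if not body or len(body) < 1 + body[0]:
        raise ValueError("truncated certificate_types")
    n_types = body[0]
    cert_types = list(body[1:1 + n_types])
    algs, used = parse_sig_algs(body[1 + n_types:])
    off = 1 + n_types + used
    if len(body) < off + 2:
        raise ValueError("truncated certificate_authorities")
    (ca_len,) = struct.unpack_from("!H", body, off)
    if len(body) != off + 2 + ca_len:
        raise ValueError("certificate_authorities length mismatch")
    return {"certificate_types": cert_types, "sig_algs": algs, "ca_len": ca_len}

def compare(client_hello_ext, cert_request_body, wanted="ecdsa/sha512"):
    """Report where `wanted` appears and how the two advertised lists differ."""
    hello, _ = parse_sig_algs(client_hello_ext)
    req = parse_certificate_request(cert_request_body)["sig_algs"]
    return {
        "wanted_in_client_hello": wanted in hello,
        "wanted_in_certificate_request": wanted in req,
        "only_in_client_hello": [a for a in hello if a not in req],
        "only_in_certificate_request": [a for a in req if a not in hello],
    }

# Constructed sample bytes (not captured traffic).
# ClientHello extension data: rsa/sha256, ecdsa/sha256, rsa/sha1
SAMPLE_HELLO_EXT = bytes.fromhex("0006" "0401" "0403" "0201")
# CertificateRequest: types rsa_sign(1), ecdsa_sign(64); rsa/sha256, ecdsa/sha256; no CAs
SAMPLE_CERT_REQ = bytes.fromhex("020140" "0004" "0401" "0403" "0000")

if __name__ == "__main__":
    print(compare(SAMPLE_HELLO_EXT, SAMPLE_CERT_REQ))
```
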