On Thu, Mar 21, 2019 at 9:22 PM Urmas Vanem <urmas.va...@octox.eu> wrote:
> Hi!
>
> I try to find authoritative explanation for some aspects in RFC 5246 (TLS
> 1.2). I hope this is right place to ask.
>
> Background: Company A has client/browser and company B has web server.
> Server has certificate and it also requires certificate from client. Client
> does not advertise signature_algorithm ECDSA/SHA512 in its client hello.
> Server supports signature_algorithm ECDSA/SHA512 by default, but it does
> not send it to client with certificate request message because it is not
> advertised in client hello! (Communication fails.)
>
>    - Company B says that this is correct implementation for RFC 5246 –
>    only common signature algorithms for both parties must be included in
>    signature_algorithms extension in certificate request message!
>    - Company A says that in correct implementation of RFC 5246 all
>    signature_algorithms supported by server must be included in certificate
>    request message (and client hello has nothing to do with certificate
>    request message)!
>

The signature algorithms in certificate request are unrelated to those in
the client hello, so the server should send its entire list.

-Ekr

> Can you please share your opinion/understanding with me?
>
> Or lead me to right direction?
>
> Thanks!
>
> Urmas
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
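The two server behaviours discussed in this thread, as an added example that is not part of the original messages: it encodes a TLS 1.2 CertificateRequest body (RFC 5246 section 7.4.4) both ways and shows which algorithm the client can pick for CertificateVerify. The function names and the client's and server's capability lists are assumptions constructed to match the scenario in the question.

```python
import struct

# RFC 5246 section 7.4.1.4.1 code points: (HashAlgorithm, SignatureAlgorithm)
RSA_SHA256, ECDSA_SHA256, ECDSA_SHA512 = (4, 1), (4, 3), (6, 3)
RSA_SIGN, ECDSA_SIGN = 1, 64  # ClientCertificateType values

def build_certificate_request(cert_types, sigalgs, ca_names=b""):
    """Encode a TLS 1.2 CertificateRequest body (RFC 5246 section 7.4.4)."""
    algs = b"".join(bytes(pair) for pair in sigalgs)
    return (bytes([len(cert_types)]) + bytes(cert_types)
            + struct.pack("!H", len(algs)) + algs
            + struct.pack("!H", len(ca_names)) + ca_names)

def parse_sigalgs(body):
    """Return supported_signature_algorithms from a CertificateRequest body."""
    off = 1 + body[0]                       # skip certificate_types<1..2^8-1>
    (length,) = struct.unpack_from("!H", body, off)
    off += 2
    if length < 2 or length % 2 or off + length > len(body):
        raise ValueError("malformed supported_signature_algorithms")
    return [(body[i], body[i + 1]) for i in range(off, off + length, 2)]

def client_pick(cert_request, client_can_sign):
    """Pick the CertificateVerify algorithm: first client preference the server listed."""
    offered = parse_sigalgs(cert_request)
    return next((p for p in client_can_sign if p in offered), None)

# Constructed scenario matching the thread (all values are assumptions).
CLIENT_HELLO_SIGALGS = [RSA_SHA256, ECDSA_SHA256]   # what the client can verify
CLIENT_CAN_SIGN = [ECDSA_SHA512]                    # what its client key signs with
SERVER_CAN_VERIFY = [ECDSA_SHA512, RSA_SHA256]      # what the server accepts

def filtered_request():
    """Company B behaviour: intersect with the ClientHello list."""
    common = [p for p in SERVER_CAN_VERIFY if p in CLIENT_HELLO_SIGALGS]
    return build_certificate_request([RSA_SIGN, ECDSA_SIGN], common)

def full_request():
    """Behaviour described in the reply: send the server's entire list."""
    return build_certificate_request([RSA_SIGN, ECDSA_SIGN], SERVER_CAN_VERIFY)

if __name__ == "__main__":
    print("filtered:", client_pick(filtered_request(), CLIENT_CAN_SIGN))
    print("full list:", client_pick(full_request(), CLIENT_CAN_SIGN))
```

The ClientHello list describes signatures the client can verify, while the CertificateRequest list describes signatures the server can verify, so intersecting them can remove the only algorithm the client's key is able to sign with.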