On Thursday, 21 March 2019 12:16:08 CET Urmas Vanem wrote:
> Hi!
>
> I try to find authoritative explanation for some aspects in RFC 5246 (TLS
> 1.2). I hope this is right place to ask.
>
> Background: Company A has client/browser and company B has web server.
> Server has certificate and it also requires certificate from client. Client
> does not advertise signature_algorithm ECDSA/SHA512 in its client hello.
> Server supports signature_algorithm ECDSA/SHA512 by default, but it does
> not send it to client with certificate request message because it is not
> advertised in client hello! (Communication fails.)
>
>
> * Company B says that this is correct implementation for RFC 5246 - only
> common signature algorithms for both parties must be included in
> signature_algorithms extension in certificate request message!

No, that's not correct interpretation of RFC 5246, signature_algorithms
advertised in ClientHello and in CertificateRequest are independent.

In the description of Signature Algorithms extension, section 7.4.1.4.1, the
algorithms are what the _client_ is willing to _verify_:

   Each SignatureAndHashAlgorithm value lists a single hash/signature
   pair that the client is willing to verify.

Formally, client does not verify its own signatures.

No part of Section 7.4.4. states that the
CertificateRequest.supported_signature_algorithms must be a subset of the
values advertised in signature_algorithms extension from ClientHello.

Again in Section 7.4.8. it is stated that the signature algorithm used must
have been present in CertificateRequest.supported_signature_algorithms. There
is no mention of signature_algorithms from ClientHello.

> * Company
> A says that in correct implementation of RFC 5246 all signature_algorithms
> supported by server must be included in certificate request message (and
> client hello has nothing to do with certificate request message)!

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
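
The two readings discussed in the thread above, as an added example that is not part of either message: it decodes the supported_signature_algorithms vector and compares a server that intersects its list with the ClientHello against one that keeps the two lists independent. The byte strings are constructed, the function names are hypothetical, and the client being able to sign only with ECDSA/SHA512 is an assumption.

```python
# Code points from RFC 5246 section 7.4.1.4.1.
HASH = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}


def parse_sig_algs(vec: bytes) -> list:
    """Decode supported_signature_algorithms<2..2^16-2>: length, then (hash, sig) byte pairs."""
    if len(vec) < 2:
        raise ValueError("missing length prefix")
    length, body = int.from_bytes(vec[:2], "big"), vec[2:]
    if length != len(body) or length < 2 or length % 2:
        raise ValueError("malformed signature algorithm vector")
    return [(SIG.get(body[i + 1], "unknown"), HASH.get(body[i], "unknown"))
            for i in range(0, length, 2)]


def build_cert_request(server_algs: list, client_hello_algs: list, intersect: bool) -> list:
    """intersect=True models the 'common algorithms only' reading disputed in the thread."""
    if intersect:
        return [a for a in server_algs if a in client_hello_algs]
    return list(server_algs)


def pick_cert_verify_alg(cert_request_algs: list, client_can_sign: list):
    """Section 7.4.8: the CertificateVerify algorithm must come from the
    CertificateRequest list. The ClientHello list is not consulted."""
    for alg in cert_request_algs:
        if alg in client_can_sign:
            return alg
    return None  # client cannot produce an acceptable CertificateVerify


# Constructed sample data (not captured traffic).
CLIENT_HELLO = parse_sig_algs(bytes.fromhex("0004" "0401" "0403"))  # rsa/sha256, ecdsa/sha256
SERVER_ALGS = parse_sig_algs(bytes.fromhex("0006" "0401" "0403" "0603"))  # adds ecdsa/sha512
CLIENT_CAN_SIGN = [("ecdsa", "sha512")]  # assumption: the client key signs only this way

if __name__ == "__main__":
    for intersect in (True, False):
        req = build_cert_request(SERVER_ALGS, CLIENT_HELLO, intersect)
        print("intersect" if intersect else "independent", req,
              "->", pick_cert_verify_alg(req, CLIENT_CAN_SIGN))
```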