gnutls-devel

Re: TLS 1.2 server


From: Nikos Mavrogiannopoulos
Subject: Re: TLS 1.2 server
Date: Sat, 24 Oct 2009 06:03:15 +0300
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Simon Josefsson wrote:

> I'll do a release shortly, so we can more easily test how TLS 1.2 works
> in some real applications now that it is the default.

Hi,
I've checked TLS 1.2 recently, and as far as I understand the only part
missing is support for SignatureAndHashAlgorithm in Certificate Request,
as well as the extension 'signature_algorithms'. Am I correct? Is there
something else missing?

As I see it, for the support of SignatureAndHashAlgorithm in Certificate
Request the handshake must be changed (for the client at least) to hold
all handshake messages and calculate the hash based on what the server
sent. This is tricky since if implemented only for TLS 1.2 we have
code full of ifs that will be impossible to read. I'll see whether I can
make something for it in the next few days.

regards,
Nikos
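
The client-side change described in the message above, sketched as an added example (not part of the original message and not GnuTLS code): raw handshake messages are buffered, and the CertificateVerify digest is computed only after the server's CertificateRequest has named the acceptable hash/signature pairs. The message bodies are constructed placeholders, and the client's hash set (SHA-256/384/512 with RSA) is an assumption of the example.

```python
import hashlib

# Hashes this client will sign with (an assumption of the example), keyed by
# the TLS 1.2 HashAlgorithm code point from RFC 5246. SignatureAlgorithm 1 = rsa.
CLIENT_HASHES = {4: "sha256", 5: "sha384", 6: "sha512"}
SIG_RSA = 1

def parse_certificate_request(body):
    """Return the (hash, signature) pairs of a TLS 1.2 CertificateRequest body."""
    if len(body) < 3:
        raise ValueError("truncated CertificateRequest")
    off = 1 + body[0]                      # skip certificate_types<1..2^8-1>
    alg_len = int.from_bytes(body[off:off + 2], "big")
    off += 2
    if alg_len < 2 or alg_len % 2 or off + alg_len > len(body):
        raise ValueError("malformed supported_signature_algorithms")
    return [(body[i], body[i + 1]) for i in range(off, off + alg_len, 2)]

class ClientTranscript:
    """Keeps raw handshake messages: the hash is unknown until CertificateRequest."""
    def __init__(self):
        self.messages = []

    def add(self, msg_type, body):
        # Handshake header is a 1-byte type followed by a 24-bit length.
        self.messages.append(bytes([msg_type]) + len(body).to_bytes(3, "big") + body)

    def certificate_verify_digest(self, offered, sig=SIG_RSA):
        """Hash everything buffered so far with the first usable offered pair."""
        for hash_id, sig_id in offered:    # server lists pairs by preference
            if sig_id == sig and hash_id in CLIENT_HASHES:
                name = CLIENT_HASHES[hash_id]
                return name, hashlib.new(name, b"".join(self.messages)).digest()
        raise ValueError("no common signature/hash pair")

def demo():
    """Replay a constructed handshake (placeholder bodies) up to CertificateVerify."""
    # Constructed CertificateRequest: types [rsa_sign], pairs sha1/rsa and sha256/rsa, no CAs.
    cert_req = bytes.fromhex("0101" "0004" "0201" "0401" "0000")
    flight = [(1, b"client-hello"), (2, b"server-hello"), (11, b"server-cert"),
              (13, cert_req), (14, b""), (11, b"client-cert"), (16, b"client-kx")]
    transcript, offered = ClientTranscript(), []
    for msg_type, body in flight:
        transcript.add(msg_type, body)
        if msg_type == 13:                 # certificate_request
            offered = parse_certificate_request(body)
    return offered, transcript.certificate_verify_digest(offered)
```

Here the server offers sha1/rsa first, which this client does not sign with, so the digest is taken with SHA-256; a running hash started at ClientHello could not have made that choice.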



