Re: TLS 1.2 server
From: Nikos Mavrogiannopoulos
Subject: Re: TLS 1.2 server
Date: Sat, 24 Oct 2009 06:03:15 +0300
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Simon Josefsson wrote:
> I'll do a release shortly, so we can more easily test how TLS 1.2 works
> in some real applications now that it is the default.

Hi,

I've checked TLS 1.2 recently, and as far as I understand the only part
missing is support for SignatureAndHashAlgorithm in Certificate Request,
as well as the extension 'signature_algorithms'. Am I correct? Is there
something else missing?

As I see it, for the support of SignatureAndHashAlgorithm in Certificate
Request the handshake must be changed (for the client at least), to hold
all handshake messages and calculate the hash based on what the server
sent. This is tricky since if implemented only for TLS 1.2 we have
code full of ifs that will be impossible to read. I'll see whether I can
make something for it in the next few days.

regards,
Nikos
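
The buffering approach described in the message above, as an added Python sketch (not part of the original post and not GnuTLS code): the client keeps the raw handshake messages and picks the CertificateVerify hash only after parsing the server's supported_signature_algorithms. `Transcript`, `constructed_handshake` and the placeholder message bodies are assumptions made for illustration; the code points are from RFC 5246.

```python
import hashlib

# Subset of HashAlgorithm code points (RFC 5246, 7.4.1.4.1); rsa is SignatureAlgorithm 1
HASHES = {2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_RSA = 1
CERTIFICATE_REQUEST = 13  # HandshakeType certificate_request

def handshake(msg_type, body):
    """Frame a handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def parse_certificate_request(body):
    """Return the (hash, signature) pairs the server listed, in its order."""
    off = 1 + body[0]                       # skip certificate_types<1..2^8-1>
    alg_len = int.from_bytes(body[off:off + 2], "big")
    off += 2
    if alg_len % 2 or off + alg_len > len(body):
        raise ValueError("malformed supported_signature_algorithms")
    return [(body[i], body[i + 1]) for i in range(off, off + alg_len, 2)]

class Transcript:
    """Holds raw handshake messages instead of one fixed running hash."""
    def __init__(self):
        self.messages, self.offered = [], None

    def add(self, raw):
        self.messages.append(raw)
        if raw[0] == CERTIFICATE_REQUEST:
            self.offered = parse_certificate_request(raw[4:])

    def certificate_verify_digest(self, key_sig=SIG_RSA, prefer=(4, 5, 6, 2)):
        """Pick a hash the server accepts for our key type, then hash the buffer."""
        if self.offered is None:
            raise ValueError("no CertificateRequest seen")
        usable = {h for h, s in self.offered if s == key_sig and h in HASHES}
        for h in prefer:
            if h in usable:
                return HASHES[h], hashlib.new(HASHES[h], b"".join(self.messages)).digest()
        raise ValueError("no common signature/hash algorithm")

def constructed_handshake(algs):
    """Constructed sample flight: placeholder bodies, not captured TLS traffic."""
    req = b"\x01\x01" + len(algs).to_bytes(2, "big") + algs + b"\x00\x00"
    t = Transcript()
    for raw in (handshake(1, b"client hello"), handshake(2, b"server hello"),
                handshake(CERTIFICATE_REQUEST, req), handshake(16, b"key exchange")):
        t.add(raw)
    return t
```
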