Re: TLS 1.2 server
From: Simon Josefsson
Subject: Re: TLS 1.2 server
Date: Mon, 26 Oct 2009 10:24:09 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)
Nikos Mavrogiannopoulos <address@hidden> writes:
> Simon Josefsson wrote:
>
>> I'll do a release shortly, so we can more easily test how TLS 1.2 works
>> in some real applications now that it is the default.
>
> Hi,
> I've checked TLS 1.2 recently, and as far as I understand the only part
> missing is support for SignatureAndHashAlgorithm in Certificate Request,
> as well as the extension 'signature_algorithms'. Am I correct? Is there
> something else missing?
That's missing, right. Client authentication with TLS 1.2 and
certificate signing callbacks doesn't seem to be working right either:
the sign callback receives a string of size 36 (SHA1+MD5), but it should
be a PKCS#1 SHA1/SHA2 structure.
> As I see it for the support of SignatureAndHashAlgorithm in Certificate
> Request the handshake must be changed (for the client at least), to hold
> all handshake messages and calculate the hash based on what the server
> sent. This is tricky since if implemented only for TLS 1.2 we have a
> code full of ifs that will be impossible to read. I'll see whether I can
> make something for it the next few days.
Yeah, I know. :-(
My plan was to create some helper functions to do the hashing, and set
up separate hashing for all of MD5, SHA-1, SHA-2 and let the later code
figure out which hash to actually use. This is wasteful, but that is
the TLS 1.2 design.
/Simon
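The scheme discussed in this thread, as an added example that is not GnuTLS code and not part of the original message: a client keeps MD5, SHA-1 and several SHA-2 hashes of the handshake transcript running in parallel, parses the SignatureAndHashAlgorithm vector the server sends (in the signature_algorithms extension or the TLS 1.2 CertificateRequest), and then produces the CertificateVerify input either as the 36-byte MD5||SHA-1 concatenation of TLS 1.0/1.1 or as the PKCS#1 v1.5 DigestInfo of the negotiated hash for TLS 1.2. The class and function names, the handshake bodies and the signature-algorithm list are all constructed for the example; the DigestInfo prefixes are the DER encodings from RFC 3447 and the code points are those of RFC 5246.

```python
"""Parallel transcript hashing for TLS <= 1.1 and TLS 1.2 CertificateVerify.

Added example; class/function names and all sample data are constructed here,
not taken from GnuTLS.
"""
import hashlib

# TLS 1.2 HashAlgorithm / SignatureAlgorithm code points (RFC 5246 7.4.1.4.1).
HASH_ALG = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_RSA, SIG_DSA, SIG_ECDSA = 1, 2, 3

# DER DigestInfo prefixes (RFC 3447 9.2). prefix || digest is what an RSA
# PKCS#1 v1.5 signer must be handed for a TLS 1.2 CertificateVerify.
DIGEST_INFO_PREFIX = {
    "md5":    bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha384": bytes.fromhex("3041300d060960864801650304020205000430"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}

# Handshake message types used by the constructed sample below.
HT_CLIENT_HELLO, HT_SERVER_HELLO, HT_CERTIFICATE_REQUEST = 1, 2, 13


class HandshakeTranscript:
    """Feeds every handshake message into all hashes at once, because the
    client only learns which hash the server wants after several messages
    have already gone by."""

    def __init__(self):
        self._ctx = {name: hashlib.new(name) for name in DIGEST_INFO_PREFIX}
        self._records = []

    def add(self, msg_type, body):
        # Handshake header: HandshakeType(1) || uint24 length || body.
        record = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
        self._records.append(record)
        for ctx in self._ctx.values():
            ctx.update(record)

    def reference_digest(self, name):
        # One-shot hash of the whole transcript, for cross-checking.
        return hashlib.new(name, b"".join(self._records)).digest()

    def legacy_verify_input(self):
        # TLS 1.0/1.1: MD5 || SHA-1 of handshake_messages, 36 bytes, no DigestInfo.
        return self._ctx["md5"].copy().digest() + self._ctx["sha1"].copy().digest()

    def tls12_verify_input(self, hash_alg):
        # TLS 1.2: DigestInfo(hash(handshake_messages)) for the negotiated hash.
        name = HASH_ALG.get(hash_alg)
        if name not in self._ctx:
            raise ValueError("hash algorithm %r not kept in the transcript" % hash_alg)
        return DIGEST_INFO_PREFIX[name] + self._ctx[name].copy().digest()

    def select_hash(self, offered, sig_alg=SIG_RSA):
        # Honour the server's preference order; skip pairs we cannot produce.
        for hash_alg, sig in offered:
            if sig == sig_alg and HASH_ALG.get(hash_alg) in self._ctx:
                return hash_alg
        raise ValueError("no mutually supported SignatureAndHashAlgorithm")


def parse_signature_algorithms(data):
    """Parse a SignatureAndHashAlgorithm vector: uint16 length, then
    (HashAlgorithm, SignatureAlgorithm) byte pairs."""
    if len(data) < 2:
        raise ValueError("truncated vector length")
    n = int.from_bytes(data[:2], "big")
    if n % 2 or len(data) < 2 + n:
        raise ValueError("bad signature_algorithms length")
    return [(data[i], data[i + 1]) for i in range(2, 2 + n, 2)]


def demo():
    """Constructed handshake: server offers ecdsa/sha224, rsa/sha384, rsa/sha256."""
    t = HandshakeTranscript()
    t.add(HT_CLIENT_HELLO, b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x00\x3c\x01\x00")
    t.add(HT_SERVER_HELLO, b"\x03\x03" + bytes(range(32)) + b"\x00\x00\x3c\x00")
    sig_algs = b"\x00\x06\x03\x03\x05\x01\x04\x01"  # constructed sample vector
    # certificate_types {rsa_sign} || supported_signature_algorithms || empty CA list
    t.add(HT_CERTIFICATE_REQUEST, b"\x01\x01" + sig_algs + b"\x00\x00")
    chosen = t.select_hash(parse_signature_algorithms(sig_algs))
    return chosen, t.legacy_verify_input(), t.tls12_verify_input(chosen)


if __name__ == "__main__":
    chosen, legacy, modern = demo()
    print("chosen hash:", HASH_ALG[chosen])
    print("TLS<=1.1 input (%d bytes):" % len(legacy), legacy.hex())
    print("TLS 1.2 input (%d bytes):" % len(modern), modern.hex())
```

A signing callback written for TLS 1.0/1.1 cannot tell the two cases apart by content, so an API that hands the callback the raw 36 bytes for TLS 1.2 will sign the wrong thing; passing a DigestInfo-wrapped value for TLS 1.2 (or the hash identifier alongside the digest) lets the callback do PKCS#1 v1.5 padding correctly.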