[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TLS 1.2 server
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: TLS 1.2 server |
Date: |
Mon, 02 Nov 2009 21:13:39 +0200 |
User-agent: |
Thunderbird 2.0.0.23 (X11/20090817) |
Simon Josefsson wrote:
> That's missing, right. Client-authentication with TLS 1.2 and
> certificate signing callbacks doesn't seem to be working right either,
> the sign callback receives a string of size 36 (SHA1+MD5) but it should
> be a PKCS#1 SHA1/SHA2 structure.
Hi,
I think I fixed this part during the weekend, however I don't know if
the value received by the callback is what it is expected.
> Yeah, I know. :-(
>
> My plan was to create some helper functions to do the hashing, and set
> up separate hashing for all of MD5, SHA-1, SHA-2 and let the later code
> figure out which hash to actually use. This is wasteful, but that is
> the TLS 1.2 design.
I now use only SHA-1 and SHA-256 and wait for a fix in TLS 1.3 :)
(MD5 is no use for a signature anyway, and the rest... just allow SHA-256 :)
regards,
Nikos
- Re: TLS 1.2 server,
Nikos Mavrogiannopoulos <=