[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS 1.2 server

From: Nikos Mavrogiannopoulos
Subject: Re: TLS 1.2 server
Date: Mon, 02 Nov 2009 21:13:39 +0200
User-agent: Thunderbird (X11/20090817)

Simon Josefsson wrote:

> That's missing, right.  Client-authentication with TLS 1.2 and
> certificate signing callbacks doesn't seem to be working right either,
> the sign callback receives a string of size 36 (SHA1+MD5) but it should
> be a PKCS#1 SHA1/SHA2 structure.

 I think I fixed this part during the weekend, however I don't know if
the value received by the callback is what it is expected.

> Yeah, I know. :-(
> My plan was to create some helper functions to do the hashing, and set
> up separate hashing for all of MD5, SHA-1, SHA-2 and let the later code
> figure out which hash to actually use.  This is wasteful, but that is
> the TLS 1.2 design.

I now use only SHA-1 and SHA-256 and wait for a fix in TLS 1.3 :)
(MD5 is no use for a signature anyway, and the rest... just allow SHA-256 :)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]