Re: TLS 1.2 server

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS 1.2 server

From:	Nikos Mavrogiannopoulos
Subject:	Re: TLS 1.2 server
Date:	Mon, 02 Nov 2009 21:13:39 +0200
User-agent:	Thunderbird 2.0.0.23 (X11/20090817)

Simon Josefsson wrote:

> That's missing, right.  Client-authentication with TLS 1.2 and
> certificate signing callbacks doesn't seem to be working right either,
> the sign callback receives a string of size 36 (SHA1+MD5) but it should
> be a PKCS#1 SHA1/SHA2 structure.

Hi,
 I think I fixed this part during the weekend, however I don't know if
the value received by the callback is what it is expected.

> Yeah, I know. :-(
> 
> My plan was to create some helper functions to do the hashing, and set
> up separate hashing for all of MD5, SHA-1, SHA-2 and let the later code
> figure out which hash to actually use.  This is wasteful, but that is
> the TLS 1.2 design.

I now use only SHA-1 and SHA-256 and wait for a fix in TLS 1.3 :)
(MD5 is no use for a signature anyway, and the rest... just allow SHA-256 :)

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

Re: TLS 1.2 server, Nikos Mavrogiannopoulos <=
- Re: TLS 1.2 server, Simon Josefsson, 2009/11/03
  - Re: TLS 1.2 server, Nikos Mavrogiannopoulos, 2009/11/03
    - Re: TLS 1.2 server, Simon Josefsson, 2009/11/04
    - Re: TLS 1.2 server, Nikos Mavrogiannopoulos, 2009/11/05

Prev by Date: Re: Build + test problems on OpenSolaris (aka Solaris 11)
Next by Date: Re: TLS 1.2 server
Previous by thread: GnuTLS 2.8.5
Next by thread: Re: TLS 1.2 server
Index(es):
- Date
- Thread