Per RFC 5246,
Note: this extension is not meaningful for TLS versions prior to 1.2.
Clients MUST NOT offer it if they are offering prior versions.
However, even if clients do offer it, the rules specified in [TLSEXT]
require servers to ignore extensions they do not understand.Although second sentence would suggest that there would be no interop problems in always offering the extension, WebRTC has reported issues with Bouncy Castle on < TLS 1.2 ClientHellos that still include signature_algorithms. See also https://bugs.chromium.org/p/webrtc/issues/detail?id=4223 Just about any TLS 1.2 client test in BoringSSL's test suite can be used to repro this: https://mta.openssl.org/pipermail/openssl-dev/2016-March/005779.html David -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4390 Please log in as guest with password guest if prompted
0004-Don-t-send-signature-algorithms-when-client_version-.patch
Description: Binary data
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
