On 15/04/18 17:18, Viktor Dukhovni wrote:
> 
> 
>> On Apr 15, 2018, at 2:24 AM, Bernd Edlinger <bernd.edlin...@hotmail.de> 
>> wrote:
>>
>> One possible example of application failure that I am aware of is #5743:
>> A certificate that is incompatible with TLS1.3 but works with TLS1.2.
>> Admittedly that I did come up with that scenario only because I saw
>> a possible issue per code inspection.
> 
> [ Repeating in part my response to Richar's mesage also in this thread ]
> 
> This is a bug that needs to be fixed, the point format for TLS does not
> have any provenance over X.509.  There's no such thing as a certificate
> not compatible with TLS 1.3 (that is compatible with TLS 1.2).
> 

That's not entirely true. This works:

$ openssl s_server -cert dsacert.pem -key dsakey.pem -cipher ALL:@SECLEVEL=0
$ openssl s_client -no_tls1_3 -cipher ALL@SECLEVEL=0

This doesn't:

$ openssl s_server -cert dsacert.pem -key dsakey.pem -cipher ALL:@SECLEVEL=0
$ openssl s_client -cipher ALL@SECLEVEL=0

139667082474432:error:14201076:SSL routines:tls_choose_sigalg:no
suitable signature algorithm:ssl/t1_lib.c:2484:

We do not allow DSA certs in TLSv1.3.

Matt
_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project

Reply via email to