On 15/04/18 17:18, Viktor Dukhovni wrote: > > >> On Apr 15, 2018, at 2:24 AM, Bernd Edlinger <bernd.edlin...@hotmail.de> >> wrote: >> >> One possible example of application failure that I am aware of is #5743: >> A certificate that is incompatible with TLS1.3 but works with TLS1.2. >> Admittedly that I did come up with that scenario only because I saw >> a possible issue per code inspection. > > [ Repeating in part my response to Richar's mesage also in this thread ] > > This is a bug that needs to be fixed, the point format for TLS does not > have any provenance over X.509. There's no such thing as a certificate > not compatible with TLS 1.3 (that is compatible with TLS 1.2). >
That's not entirely true. This works: $ openssl s_server -cert dsacert.pem -key dsakey.pem -cipher ALL:@SECLEVEL=0 $ openssl s_client -no_tls1_3 -cipher ALL@SECLEVEL=0 This doesn't: $ openssl s_server -cert dsacert.pem -key dsakey.pem -cipher ALL:@SECLEVEL=0 $ openssl s_client -cipher ALL@SECLEVEL=0 139667082474432:error:14201076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:ssl/t1_lib.c:2484: We do not allow DSA certs in TLSv1.3. Matt _______________________________________________ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project