2018-06-19 23:11 GMT+08:00 Jakob Bohm <jb-open...@wisemo.com>: > On 19/06/2018 15:40, John Jiang wrote: > >> Using OpenSSL 1.1.1-pre7 >> >> Please consider the following cases and handshaking results: >> 1. rsa_pss_pss_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384 cipher >> suite >> Handshaking failed with no suitable cipher >> >> 2. rsa_pss_pss_256 certificate + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 >> cipher suite >> Handshaking succeeded. >> >> 3. rsa_pss_rsae_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384 cipher >> suite >> Handshaking succeeded. >> >> 4. rsa_pss_rsae_256 certificate + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 >> cipher suite >> Handshaking succeeded. >> >> Why did case 1 fail? >> > The TLS_RSA_ cipher suites require that the premaster secret > is encrypted with the RSA key in the servers certificate. > But an rsa_pss_pss_256 certificate (have not seen that notation > before) is probably a signing-only certificate, that says not > to encrypt anything with its RSA key. > Why does rsa_pss_rsae_256 + TLS_RSA_* work? It sounds that rsa_pss_pss_256 and rsa_pss_rsae_256 are the same signature scheme.
Thanks!
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users