Hi, My testing shows that OpenSSL 1.1.1 likes to use PSS even for TLS 1.2, so, even in the short-term, this can't be worked around by just disabling TLS 1.3.
Now, for cryptoapicert, it would have been easy to support PSS using Windows CNG API provided OpenSSL passes the hash and ask to sign with PSS padding. But it doesn't. Instead, it adds the padding and ask us to sign that padded data as is (i.e. padding none). In fact rsa_sign() callback is not even called when padding is PSS -- it just jumps to rsa_priv_enc callback. As far as I can see signing pre-padded hash is not supported by CNG (does it?). Any suggestions on what do we do? Thanks, Selva
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel