Replying to self :)
On Fri, Oct 12, 2018 at 12:24 PM Selva Nair wrote:
> Hi,
>
> My testing shows that OpenSSL 1.1.1 likes to use PSS even for TLS 1.2, so,
> even in the short-term, this can't be worked around by just disabling TLS
> 1.3.
>
> Now, for cryptoapicert, it would have been easy to
Hi,
My testing shows that OpenSSL 1.1.1 likes to use PSS even for TLS 1.2, so,
even in the short-term, this can't be worked around by just disabling TLS
1.3.
Now, for cryptoapicert, it would have been easy to support PSS using
Windows CNG API provided OpenSSL passes the hash and ask to sign with