CVSROOT: /cvs Module name: src Changes by: b...@cvs.openbsd.org 2019/01/23 09:46:04
Modified files: lib/libssl : s3_lib.c ssl_clnt.c ssl_locl.h ssl_sigalgs.c ssl_sigalgs.h ssl_tlsext.c ssl_tlsext.h t1_lib.c regress/lib/libssl/client: clienttest.c regress/lib/libssl/tlsext: tlsexttest.c Log message: Modify sigalgs extension processing for TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@