CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2019/01/23 09:46:04
Modified files:
lib/libssl : s3_lib.c ssl_clnt.c ssl_locl.h ssl_sigalgs.c
ssl_sigalgs.h ssl_tlsext.c ssl_tlsext.h
t1_lib.c
regress/lib/libssl/client: clienttest.c
regress/lib/libssl/tlsext: tlsexttest.c
Log message:
Modify sigalgs extension processing for TLS 1.3.
- Make a separate sigalgs list for TLS 1.3 including only modern
algorithm choices which we use when the handshake will not negotiate
TLS 1.2
- Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as
mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2
ok jsing@ tb@
