Yes, per RFC 5246: " If the client provided a "signature_algorithms" extension, then all certificates provided by the server MUST be signed by a hash/signature algorithm pair that appears in that extension."
Cheers, Andrei -----Original Message----- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Yuhong Bao Sent: Monday, January 11, 2016 3:30 PM To: David Benjamin <david...@chromium.org>; Kurt Roeckx <k...@roeckx.be>; tls@ietf.org Subject: Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signature algorithms > (c) Servers which sign SHA-2 but fail if signature_algorithms omits > SHA-1. The ones I looked at were all from serving SHA-1 certificates, > so probably their SSL stack compares certs against sig_algs. I think SChannel is one of them. _______________________________________________ TLS mailing list TLS@ietf.org https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2ftls&data=01%7c01%7cAndrei.Popov%40microsoft.com%7cdca8115118694f6fd88808d31adf1a2d%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=NMe0Q4tKP6RdFTuDEkKavQF4YysdBEBX%2ftX4u1SEw7o%3d _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls