On 9 February 2017 at 07:20, Yoav Nir <[email protected]> wrote: > And it doesn’t help if the client does not provide the extension. The > extension can restrict from among the set of supported algorithms, Its > absence does not allow undefined algorithms.
Since TLS 1.3 defines code points for RSA-PSS, perhaps this is no longer accurate - at least for PSS. NSS supports PSS signatures in TLS 1.2. It caused a small amount of compatibility pain deploying them thanks to some infrequently used, but overzealous implementations. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
