diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index d5a67a922c..f9ad5dade8 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -381,11 +381,6 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
 sig_alg = MBEDTLS_PK_RSASSA_PSS;
 break;
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
- case MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256:
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PKCS1 V1.5" ) );
- md_alg = MBEDTLS_MD_SHA256;
- sig_alg = MBEDTLS_PK_RSA;
- break;
 default:
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
 goto error;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 204b9754aa..214f471616 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1538,6 +1538,10 @@ int main( int argc, char *argv[] )
 {
 sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256;
 }
+ else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256;
+ }
 else
 {
 mbedtls_printf( "unknown signature algorithm %s\n", q );
@@ -1546,6 +1550,7 @@ int main( int argc, char *argv[] )
 mbedtls_printf( "ecdsa_secp384r1_sha384 " );
 mbedtls_printf( "ecdsa_secp521r1_sha512 " );
 mbedtls_printf( "rsa_pss_rsae_sha256 " );
+ mbedtls_printf( "rsa_pkcs1_sha256 " );
 mbedtls_printf( "\n" );
 goto exit;
 }
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 8e22a918f7..dc29d0b21f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
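Review bot: In programs/ssl/ssl_client2.c (first hunk), the new `rsa_pkcs1_sha256` branch carries no comment on what offering this scheme means in TLS 1.3, while the same commit drops `MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256` from `ssl_tls13_parse_certificate_verify`, so the option is easy to misread as enabling PKCS#1 v1.5 for CertificateVerify. RFC 8446 section 4.2.3 defines the rsa_pkcs1_* values for signatures in certificates only; I would add above the branch `/* Advertised for certificate signatures only; a TLS 1.3 CertificateVerify must not use PKCS#1 v1.5 (RFC 8446, 4.2.3). */`. The `sig_alg_list[i++]` store copies the existing branches, and whatever bounds `i` lies in `main` outside this hunk and should be confirmed. The `$P_CLI` line visible in the tests/ssl-opt.sh hunk does not select the new value, so as far as this page shows the option is untested.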
@@ -8916,12 +8916,7 @@ run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PKCSV15_SHA256" \
 "$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
 "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256" \
 0 \
- -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
 -s "Ephemeral EC Diffie-Hellman parameters" \
- -s "Version: TLS1.3" \
- -s "Cipher: AES-128-GCM" \
- -S "Client Signature:" \
- -s "Server Signature: RSA-PSS-RSAE-SHA256" \
 -c "ECDH curve: x25519" \
 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
 -c "Certificate Verify: Signature algorithm ( 0804 )" \