Clarify PSS sigalg entry

If my understanding is correct (to be confirmed in review), this is a new
feature which was not particularly desired on its own but was the simplest
way to fix an interoperability issue in TLS 1.2 caused accidentally by
the work on TLS 1.3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-11-29 22:56:35 +01:00
parent 29a56a1251
commit 6593c7e1cb
@ -1,8 +1,8 @@
Features
* When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate
declaring an RSA public key and Mbed TLS is configured in hybrid mode, if
`rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then
the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
for its signature in the key exchange message. As Mbed TLS 1.2 does not
support them, the handshake fails. Add `rsa_pss_rsae_*` support for TLS 1.2
to resolve the compitablity issue.
* Support rsa_pss_rsae_* signature algorithms in TLS 1.2.
Bugfix
* Fix an interoperability failure between an Mbed TLS client with both
TLS 1.2 and TLS 1.3 support, and a TLS 1.2 server such as GnuTLS or
OpenSSL that supports rsa_pss_rsae_* signature algorithms. This failed
because Mbed TLS supported PSS only in TLS 1.3, but advertised support
in TLS 1.2 as well.
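Review bot: The rewritten Bugfix entry drops the condition from the old text that the failure only occurred when the server preferred `rsa_pss_rsae_*` over `rsa_pkcs1_*` in its signature algorithm list; that detail explains why the handshake failure was configuration-dependent and is useful to readers diagnosing it, so consider keeping a short clause such as "when the server prefers rsa_pss_rsae_* algorithms for its ServerKeyExchange signature". Also, since the commit message says the reason for the feature is "to be confirmed in review", the sentence "Mbed TLS supported PSS only in TLS 1.3, but advertised support in TLS 1.2 as well" should be checked against the actual signature-algorithm advertisement code before this wording is merged, because it is now the authoritative description of the bug.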