diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b07d07ab1a..0d54ae9b0b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6376,6 +6376,7 @@ static uint16_t ssl_preset_default_sig_algs[] = { #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256, #endif + MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256, MBEDTLS_TLS13_SIG_NONE }; @@ -6395,6 +6396,7 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256, #endif + MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256, MBEDTLS_TLS13_SIG_NONE }; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 2dd5c50313..f9ad5dade8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -376,7 +376,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, break; #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) case MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256: - MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA" ) ); + MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PSS" ) ); md_alg = MBEDTLS_MD_SHA256; sig_alg = MBEDTLS_PK_RSASSA_PSS; break; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 204b9754aa..214f471616 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1538,6 +1538,10 @@ int main( int argc, char *argv[] ) { sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256; } + else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256; + } else { mbedtls_printf( "unknown signature algorithm %s\n", q ); @@ -1546,6 +1550,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "ecdsa_secp384r1_sha384 " ); mbedtls_printf( "ecdsa_secp521r1_sha512 " ); mbedtls_printf( "rsa_pss_rsae_sha256 " ); + mbedtls_printf( "rsa_pkcs1_sha256 " ); mbedtls_printf( "\n" ); goto exit; }