Description:
The test tool only allows the algorithm in the "signature_algorithms" extension to be consistent with the public key algorithm in the certificate, which complies with RFC 5246 (TLS 1.2).
But TLS 1.3 (RFC 8446) does not make such a requirement; refer to 4.4.2.2:
> If the server cannot produce a certificate chain that is signed only
> via the indicated supported algorithms, then it SHOULD continue the
> handshake by sending the client a certificate chain of its choice
> that may include algorithms that are not known to be supported by the
> client. This fallback chain SHOULD NOT use the deprecated SHA-1 hash
> algorithm in general, but MAY do so if the client's advertisement
> permits it, and MUST NOT do so otherwise.
I don't know if my understanding is correct; I hope to get your reply.
huiyuexu changed the title from "TLS 1.3" to "The requirement of signature_algorithms extension in TLS 1.3" on Oct 11, 2023

huiyuexu changed the title from "The requirement of signature_algorithms extension in TLS 1.3" to "The requirement of signature_algorithms in TLS 1.3 inconsistent with RFC 8446" on Oct 11, 2023
Issue Type: Test Principles
Testcase name: signature_algorithms extension
Testcase number: TLS_B1_GP_03_T
Test code: TLS_B1_GP_03_T.java
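The difference between the two RFCs raised in this issue can be written as a check over the signature schemes in a server chain. This is an added example, not code from the test tool or from TLS_B1_GP_03_T.java; the function name, verdict labels and sample chains are constructed, and the chain is assumed to exclude the self-signed trust anchor, which RFC 8446 4.4.2.2 exempts.

```python
# Added illustration. Scheme names are SignatureScheme values from RFC 8446.
SHA1_SCHEMES = {"rsa_pkcs1_sha1", "ecdsa_sha1"}


def check_chain(version, sig_algs, chain_sigs, sig_algs_cert=None):
    """Classify a server chain against what the client advertised.

    version       -- "1.2" or "1.3"
    sig_algs      -- client's signature_algorithms list
    chain_sigs    -- scheme that signed each certificate, leaf first,
                     trust anchor excluded (assumption of this example)
    sig_algs_cert -- client's signature_algorithms_cert list, if sent;
                     when present it governs certificate signatures
    Returns (verdict, offending_schemes) with verdict one of
    "ok", "fallback", "violation".
    """
    allowed = set(sig_algs if sig_algs_cert is None else sig_algs_cert)
    unadvertised = [s for s in chain_sigs if s not in allowed]
    if not unadvertised:
        return "ok", []
    if version == "1.2":
        # RFC 5246 7.4.2: every certificate MUST be signed with an
        # advertised hash/signature pair.
        return "violation", unadvertised
    # RFC 8446 4.4.2.2: a server that cannot build a matching chain SHOULD
    # still send one, but SHA-1 MUST NOT appear unless it was advertised.
    sha1 = [s for s in unadvertised if s in SHA1_SCHEMES]
    if sha1:
        return "violation", sha1
    # Permitted for the server; the client may still reject the chain, and
    # an external tester cannot tell whether a matching chain was available.
    return "fallback", unadvertised


if __name__ == "__main__":
    offered = ["ecdsa_secp256r1_sha256", "rsa_pss_rsae_sha256"]  # constructed
    chain = ["rsa_pkcs1_sha256", "rsa_pkcs1_sha256"]             # constructed
    for v in ("1.2", "1.3"):
        print(v, check_chain(v, offered, chain))
    print("1.3", check_chain("1.3", offered, ["rsa_pkcs1_sha1"]))
```

A test case that reports every "fallback" result as a failure applies the TLS 1.2 rule to a TLS 1.3 handshake; treating it as a warning separates it from the unadvertised SHA-1 case, which is a MUST NOT in both readings.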