ssl: TLSv1.2: proper default sign algo for RSA #340
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Patch has passed first testings and has been assigned to be reviewed |
Negotiated version is now always passed to ssl_handshake:select_hashsign because ssl_handshake:select_cert_hashsign has different rsa defaults on tlsv1.2 and older versions.
|
I have updated the branch because first version was misbehaving when working over older protocol versions. Now it seems to be OK. |
|
Patch has passed first testings and has been assigned to be reviewed |
|
It has been merged together with an additional commit to make the source of the default values occur only in one place in the code. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Select {sha, rsa} signature algorithm when TLSv1.2 client
does not send signature_algorithms extension and negotiates
RSA key exchange.
See RFC 5246 section 7.4.1.4.1 for details.
Also this change fixes badarg when server tried to use
md5sha combination as public_key:sign algo.