New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JWS supported algorithms. #1191
Comments
RS256 is the only one boulder supports right now. It's unlikely that boulder will support every algorithm that the JWS spec allows. If there's a specific algorithm you're looking to have supported, please make a ticket for it. |
Anyway! That said, I'm not sure where we'd document what algorithms boulder or, perhaps more accurately, Let's Encrypt will support, off-hand. Open to suggestions. |
I think the best way would be to let the error message at say what algorithm is expected eg "algorithm '%s' in JWS header not acceptable, expected %s", jwsAlgorithm, algorithm)) https://github.com/letsencrypt/boulder/blob/master/wfe/jose.go#L40 |
I believe Boulder now checks for RS256, ES256, ES384 and ES512. I think the current error message will suffice unless anyone has any suggestions? @jsha @rolandshoemaker @ccppuu |
@benileo I think the best approach would be to switch the error to |
The spec states:
Whereas boulder checks for RS256 specifically ... This should be clarified somewhere
The text was updated successfully, but these errors were encountered: