-
-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
For TLS 1.3 --ecdsa/--rsa makes no difference #164
Comments
For the record, if
and
deliver OCSP validation, this does not mean, that
delivers OCSP validation, at least with Nginx 1.6.1, https://trac.nginx.org/nginx/ticket/1867#ticket . |
I do not think this will work, if the site offers only TLS 1.3 and only RSA certificate. As a matter of fact |
In addition, since for TLS 1.3, -ciphers aRSA is ignored, so is -ciphers aECDSA ignored. So --ecdsa should also disable TLS 1.3. |
|
I meant as per openssl/openssl#10131. |
To get RSA certificate the call is apparently This works with both www.aegee.org:443 and autoconfig.aegee.org:443. |
That string cannot be shortened. The way to get EC certificate, if available, otherwise fail, is to pass |
I see your point, what do you suggest? |
Currently the mappings are:
I propose these mappings:
|
Thanks, I implemented the change |
--rsa shall not disalbe TLS 1.3, but --help prints:
Moreover, this line citing “# https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/ says “RSA encryption was removed from TLS 1.3” is from my current perspective not necessary. |
Thanks. I fixed it. |
To be precise, TLS 1.3 does disable RSA signatures, but introduces RSA-PSS signatures (and TLS 1.2 can offer both). |
With most-recent check_ssl_cert, compare the output of --rsa vs --ecdsa:
Calling
./check_ssl_cert --rsa -H anciens.org
invokes/usr/local/bin/openssl s_client -crlf -connect anciens.org:443 -servername anciens.org -showcerts -verify 6 -cipher aRSA
while calling./check_ssl_cert --ecdsa -H anciens.org
invokes/usr/local/bin/openssl s_client -crlf -connect anciens.org:443 -servername anciens.org -showcerts -verify 6 -cipher aECDSA
/usr/local/bin/openssl s_client -crlf -connect anciens.org:443 -servername anciens.org -showcerts -verify 6 -cipher aRSA
prints:This is ECDSA connection and the certificate is also the EC one, once I compare the certificate on the disk with the certificate returned from s_client.
Compare to the invocation of
/usr/local/bin/openssl s_client -crlf -connect anciens.org:443 -servername anciens.org -showcerts -verify 6 -cipher aECDSA
:So in both cases the connections above deliver the EC certificate over TLS 1.3. If I pass however an additionals -tls1_2, then the output of
/usr/local/bin/openssl s_client -crlf -connect anciens.org:443 -servername anciens.org -showcerts -verify 6 -cipher aRSA -tls1_2
changes to:So with (implicit) TLS 1.3 chosen by s_client, -cipher aRSA does not select from the server the RSA certificate.
Looking at the cipher suites for TLS 1.3 in s_client 1.1.1, I do not see how can RSA or ECDSA be enforced, when the server and client support both. In particular, both
openssl cipher aRSA
andopenssl cipher aECDSA
printTLS_AES_256_GCM_SHA384
.https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/ says “RSA encryption was removed from TLS 1.3”. This is OK, but I do want to make sure that the server:
So, if it cannot be achieved by other means, then either document on --help after --rsa, that it implies --no_tls1_3 (and create this option), or document by other means, that --rsa is not suitable to verify that the server delivers RSA certificate, while operating TSL 1.3.
The text was updated successfully, but these errors were encountered: