Open
Labels
issue: bug report
Description
For FIPS mode, I added ClientSignatureAlgorithms in opensslcnf.txt. This change was done for FIPS mode using the crypto-policies package.
The supported ciphers for ClientSignatureAlgorithms are the same as SignatureAlgorithms with these ciphers removed:
- ecdsa_secp521r1 with sha512 (0x0603)
- rsa_pss_rsae with sha256 (0x0804)
- rsa_pss_rsae with sha384 (0x0805)
- rsa_pss_rsae with sha512 (0x0806)
We're facing issues while connecting to some update servers after this change was done and this is the error log:
OpenSSL SSL_read: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0
With the RSA-PSS ciphers removed, it still contains multiple RSA-based (RSA+SHA256:RSA+SHA384:RSA+SHA512) ciphers for negotiation, and ideally this should work fine, but that's not the case:
Opensslcnf.txt:
CipherString = @SECLEVEL=2:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:!kRSA:-aDSS:!CHACHA20-POLY1305:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-AESCCM:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
MinProtocol = TLSv1.2
MaxProtocol = TLSv1.3
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512
ClientSignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:RSA+SHA256:RSA+SHA384:RSA+SHA512 <== Newly added
OpenSSL Version - OpenSSL 1.1.1g FIPS
- OpenSSL build with a few severity patches (official Red Hat ones)
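The following is an added example, not part of the original report and not OpenSSL code. It maps the two lists from the configuration above to TLS SignatureScheme code points and shows which entries remain valid for signing a TLS 1.3 CertificateVerify, assuming RFC 8446's rule that the rsa_pkcs1_* schemes (OpenSSL's RSA+SHAxxx names) apply to certificate signatures only; the function names are hypothetical.

```python
# Added example: compare the two signature-algorithm lists from the report.
# Code points are TLS SignatureScheme values (RFC 8446, section 4.2.3).
SCHEMES = {
    "ECDSA+SHA256": (0x0403, "ecdsa"),
    "ECDSA+SHA384": (0x0503, "ecdsa"),
    "ECDSA+SHA512": (0x0603, "ecdsa"),
    "RSA+SHA256": (0x0401, "rsa_pkcs1"),
    "RSA+SHA384": (0x0501, "rsa_pkcs1"),
    "RSA+SHA512": (0x0601, "rsa_pkcs1"),
    "rsa_pss_rsae_sha256": (0x0804, "rsa_pss_rsae"),
    "rsa_pss_rsae_sha384": (0x0805, "rsa_pss_rsae"),
    "rsa_pss_rsae_sha512": (0x0806, "rsa_pss_rsae"),
}

# Values copied from the opensslcnf.txt shown in the report.
SIGALGS = ("ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:"
           "rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:"
           "RSA+SHA256:RSA+SHA384:RSA+SHA512")
CLIENT_SIGALGS = "ECDSA+SHA256:ECDSA+SHA384:RSA+SHA256:RSA+SHA384:RSA+SHA512"

def parse(value):
    """Split a colon-separated list; reject names this table does not know."""
    names = [n.strip() for n in value.split(":") if n.strip()]
    unknown = [n for n in names if n not in SCHEMES]
    if unknown:
        raise ValueError(f"unknown signature algorithm(s): {unknown}")
    return names

def removed(full, restricted):
    """Code points present in `full` but absent from `restricted`."""
    keep = set(parse(restricted))
    return [SCHEMES[n][0] for n in parse(full) if n not in keep]

def usable_tls13(value, key_type):
    """Entries a key of `key_type` ('rsa' = rsaEncryption key, or 'ecdsa')
    may use for a TLS 1.3 CertificateVerify. rsa_pkcs1 entries are excluded
    (assumption stated in the lead-in). In TLS 1.3 each ECDSA code point
    also fixes the curve, which this sketch does not check."""
    family = {"rsa": "rsa_pss_rsae", "ecdsa": "ecdsa"}[key_type]
    return [n for n in parse(value) if SCHEMES[n][1] == family]

if __name__ == "__main__":
    print("removed:", [hex(c) for c in removed(SIGALGS, CLIENT_SIGALGS)])
    for label, value in (("SignatureAlgorithms", SIGALGS),
                         ("ClientSignatureAlgorithms", CLIENT_SIGALGS)):
        for key in ("rsa", "ecdsa"):
            print(f"{label:26} {key:5} TLS 1.3:", usable_tls13(value, key))
```

With the report's ClientSignatureAlgorithms value, the list for an RSA key under TLS 1.3 comes out empty, while the TLS 1.2 RSA+SHAxxx entries are unaffected.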