Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add back support for SHA224 based sig algs #3639

Closed
wants to merge 1 commit into from
Closed

Add back support for SHA224 based sig algs #3639

wants to merge 1 commit into from

Conversation

mattcaswell
Copy link
Member

This used to work but was inadvertently removed as part of the TLSv1.3 work. This adds it back.

Fixes #3633

Note: It seems we are offering disallowed sig algs in a TLSv1.3 compliant ClientHello (including sha1, and now sha224). Draft-20 says this:

  These algorithms are deprecated as of
  TLS 1.3.  They MUST NOT be offered or negotiated by any
  implementation.  In particular, MD5 [SLOTH], SHA-224, and DSA MUST
  NOT be used.

Probably we should only offer sha1/sha224 if TLSv1.3 has been disabled. That would be a different PR though.

Checklist
  • documentation is added or updated
  • tests are added or updated

@mattcaswell
Add back support for SHA224 based sig algs
2763158 
This used to work but was inadvertently removed as part of the TLSv1.3
work. This adds it back.

Fixes openssl#3633
@mattcaswell mattcaswell mentioned this pull request Jun 8, 2017
Closed
@kaduk
Copy link
Contributor

kaduk commented Jun 8, 2017

Note: It seems we are offering disallowed sig algs in a TLSv1.3 compliant ClientHello (including sha1, and now sha224).

I raised this in #3326 and it was pointed out that complying with the 1.3 spec would be a regression in a point release, so we ended up only omitting the forbidden algorithms in a 1.3-only ClientHello. (N.B. #3326 is still open.)

@mattcaswell
Copy link
Member Author

I raised this in #3326 and it was pointed out that complying with the 1.3 spec would be a regression in a point release, so we ended up only omitting the forbidden algorithms in a 1.3-only ClientHello. (N.B. #3326 is still open.)

Ahh, right. I thought the topic seemed a little familiar.

levitte pushed a commit that referenced this pull request Jun 8, 2017
@mattcaswell
Add back support for SHA224 based sig algs
d8311fc 
This used to work but was inadvertently removed as part of the TLSv1.3
work. This adds it back.

Fixes #3633

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from #3639)
@mattcaswell
Copy link
Member Author

Pushed. Thanks.

@mattcaswell mattcaswell closed this Jun 8, 2017
@raycoll raycoll mentioned this pull request Jun 8, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richsalz richsalz richsalz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

RSA+SHA224 sigalg removed from master
3 participants
@mattcaswell @kaduk @richsalz