Merge pull request #3 from tomato42/sha1-ske

clarify handling of SKE with MD5 or SHA1
tlswg · Jan 22, 2020 · d520df9 · d520df9
2 parents 51072fe + 998101b
commit d520df9
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/draft-ietf-tls-md5-sha1-deprecate-00.xml b/draft-ietf-tls-md5-sha1-deprecate-00.xml
@@ -170,8 +170,12 @@
    <t>
    Servers MUST NOT include MD5 and SHA-1 in ServerKeyExchange message. 
    If client does 
-   receive a MD5 or SHA-1 signature in the ServerKeyExchange message it MUST 
+   receive a MD5 or SHA-1 signature in the ServerKeyExchange message and it
+   sent one in signature_algorithms extensions it MUST
    abort the connection with handshake_failure or insufficient_security alert.
+   If client did not send MD5 nor SHA-1 hash algorithm in signature_algorithms
+   extension and it receives a MD5 or SHA-1 signature in the ServerKeyExchange
+   it MUST abort the connection with the illegal_parameter alert.
    </t>
    </section>
   <section anchor="CertificateVerify" title="Certificate Verify">