Server does not respect client provided hash algorithm list #137
Comments
|
I'm currently seeing "unimplemented RSA signature hash type: HashSHA384" when connecting to a Go server from a Haskell client! What is it with Haskell and Go :-( UPD: sent a PR: #138 |
|
If this is already fixed by #138, please close this issue. |
|
I think #138 doesn't really fix the issue; it adds a SHA384 to the supported ciphers, which mitigates the problem with Go servers (and clients? I haven't tested it - maybe not), however the problem is that the server should check its cipher list against the client provided list and choose a cipher from the intersection of these 2 lists. It seems to me the server doesn't do that. |
|
I suddenly remembered that I have hit upon the same thing in Warp, too: |
@ondrap Do you mean the signature algorithm extensions in client hello? |
|
I would like to have test cases for this. Any volunteers? |
Probably... I'm no well versed in tls - I remember I just checked the My test case was connecting the go client (I used the winlogbeats/filebeats from elasticsearch). I could probably try to test it out again. |
|
OK. Now I can reproduce this by reverting the patch above in Warp and |
This patch uses the "signature_algorithms" extension in a client hello when a server decides a signature hash algorithm for EC(DHE) parameters to authenticate the server itself. Problem: Go tls client tells that it supports SHA256/SHA384 but not SHA512. Haskell tls server uses SHA512 for EC(DHE).
|
#177 should fix this issue. |
|
This has been fixed. |
I would like to use some Go client to connect to haskell using TLS, however it seems that the Go client doesn't understand SHA512. It correctly sends this information in Client HELO, yet the server responds with SHA512 in the EC Diffie-Hellman server params. It seems to me that the server doesn't merge client and server supported hash algorithms and just uses what the server has in
serverSupported.I limited it and got "unimplemented RSA signature hash type: HashSHA384", limiting it to SHA256 ultimately solved the problem.
The text was updated successfully, but these errors were encountered: