Selecting a cipher based on "signature_algorithms" #193
I added a new test case specific to TLS 1.2 where the handshake can either succeed or fail depending on client and server
I also added code for DSA certificates, so that the QuickCheck properties can test more combinations.
Function credentialCanDecrypt allowed a non-RSA credential when the certificate did not have a key usage.
Now that the signature_algorithms extension is used to sign the ServerKeyXchg, this creates a possibility that client and server don't agree on the hash algorithm. When this happens, a cipher with a different key-exchange should have been selected. We now skip ciphers when the key-exchange is not possible for this reason.
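
A simplified model of the selection rule described in this pull request, added here as an illustration; it is not code from the pull request or the project. The function names, the server's algorithm lists and the sample inputs are assumptions.

```python
# Added illustration (hypothetical names): TLS 1.2 server-side cipher selection.
# Suite -> signature type needed to sign ServerKeyExchange (None: RSA key
# transport, where nothing is signed).
SUITES = {
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": "rsa",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA": "dsa",
    "TLS_RSA_WITH_AES_128_CBC_SHA": None,
}
# RFC 5246 section 7.4.1.4.1: assumed when the client omits signature_algorithms.
DEFAULT_SIG_ALGS = [("sha1", "rsa"), ("sha1", "dsa")]


def common_hash_sig(sig_type, client_sig_algs, server_sig_algs):
    """First client-preferred (hash, signature) pair that both sides support."""
    offered = DEFAULT_SIG_ALGS if client_sig_algs is None else client_sig_algs
    for pair in offered:
        if pair[1] == sig_type and pair in server_sig_algs:
            return pair
    return None


def select_cipher(server_prefs, client_suites, client_sig_algs,
                  server_sig_algs, cert_types):
    """Return (suite, hash_sig_pair) for the first usable suite, else None."""
    for suite in server_prefs:
        if suite not in client_suites:
            continue
        sig_type = SUITES[suite]
        if sig_type is None:
            if "rsa" in cert_types:  # key transport needs an RSA credential
                return suite, None
            continue
        if sig_type not in cert_types:
            continue  # no credential able to sign for this key exchange
        pair = common_hash_sig(sig_type, client_sig_algs, server_sig_algs)
        if pair is None:
            continue  # no agreed hash: skip the suite instead of failing later
        return suite, pair
    return None  # nothing usable: the handshake fails


# Constructed sample: the peers share no hash for RSA signatures.
SERVER_PREFS = list(SUITES)
SERVER_SIG_ALGS = [("sha256", "rsa"), ("sha1", "dsa")]
CLIENT_SIG_ALGS = [("sha512", "rsa"), ("sha1", "dsa")]

if __name__ == "__main__":
    print(select_cipher(SERVER_PREFS, SERVER_PREFS, CLIENT_SIG_ALGS,
                        SERVER_SIG_ALGS, {"rsa", "dsa"}))
```

With the sample inputs the DHE_RSA suite is skipped and the DHE_DSS suite is chosen; with only an RSA credential the same client falls back to RSA key transport.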