libtls: ClientHello: extension signature algorithms cert

bytinbit / strongswan

strongSwan - IPsec-based VPN

https://www.strongswan.org

Other

2 stars 0 forks source link

libtls: ClientHello: extension signature algorithms cert #24

Closed ryru closed 4 years ago

ryru commented 4 years ago

Aufwandschätzung: soll=3 Stunden

This extension indicates which signature algorithms the client supports. This can influence the certificate that the server presents to the client, as well as the signature that is sent by the server in the CertificateVerify record.

https://tls13.ulfheim.net/

Consider:

4.2.3. Signature Algorithms

bytinbit commented 4 years ago

RFC 8446, 41: "Implementations which have the same policy in both cases MAY omit the "signature_algorithms_cert" extension". In other words: The two maintainers must decide if we have the same policy or not and thus must implement this extension or not in strongSwan libtls.