Closed ryru closed 4 years ago
RFC 8446, 41: "Implementations which have the same policy in both cases MAY omit the "signature_algorithms_cert" extension". In other words: The two maintainers must decide if we have the same policy or not and thus must implement this extension or not in strongSwan libtls.
Aufwandschätzung: soll=3 Stunden
This extension indicates which signature algorithms the client supports. This can influence the certificate that the server presents to the client, as well as the signature that is sent by the server in the CertificateVerify record.
https://tls13.ulfheim.net/
Consider: