Open classilla opened 3 years ago
Didn't know that. Can you provide an address to test it with?
This is the list of supported signatures:
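if (!context->is_server) {
    // signature algorithms
    tls_packet_uint16(packet, 0x0D);   // extension type 13: signature_algorithms
    tls_packet_uint16(packet, 24);     // extension data length: 2-byte list length + 22
    tls_packet_uint16(packet, 22);     // list length: 11 schemes * 2 bytes
    tls_packet_uint16(packet, 0x0403); // ecdsa_secp256r1_sha256
    tls_packet_uint16(packet, 0x0503); // ecdsa_secp384r1_sha384
    tls_packet_uint16(packet, 0x0603); // ecdsa_secp521r1_sha512
    tls_packet_uint16(packet, 0x0804); // rsa_pss_rsae_sha256
    tls_packet_uint16(packet, 0x0805); // rsa_pss_rsae_sha384
    tls_packet_uint16(packet, 0x0806); // rsa_pss_rsae_sha512
    tls_packet_uint16(packet, 0x0401); // rsa_pkcs1_sha256
    tls_packet_uint16(packet, 0x0501); // rsa_pkcs1_sha384
    tls_packet_uint16(packet, 0x0601); // rsa_pkcs1_sha512
    tls_packet_uint16(packet, 0x0203); // ecdsa_sha1
    tls_packet_uint16(packet, 0x0201); // rsa_pkcs1_sha1
}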
lobste.rs and ish.app were the ones I believe I ran into this first on.
Ok, so after a little debugging, ish.app and std.fyi are working. Not sure about lobste.rs. I think it is the same problem that Ron is having. I'm comparing the ClientHello generated with OpenSSL and TLSe. OpenSSL works, mine doesn't...
@classilla could we close the issue?
I have my own fork of TLSe now and made my own fix for this a long time ago, so I can't say if your fix works or not.
Without it they throw an ALERT MESSAGE 0x02 0x50 which is of course totally unhelpful. Increasing extension_len by 22 and then adding this extension to the hello seems to fix it. Note this pretty much allows any kind of cert; maybe we should pare it back to what TLSe actually supports.
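An added example, not part of this thread or of TLSe's code: it builds the signature_algorithms extension with both length fields derived from the scheme list rather than hard-coded, and includes a strict parser to check an encoded extension. The function names and the sample array are this example's own assumptions; the code points are the ones in the snippet posted in this thread.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: the SignatureScheme code points listed in the thread. */
const uint16_t SAMPLE_SCHEMES[] = {
    0x0403, 0x0503, 0x0603, 0x0804, 0x0805, 0x0806,
    0x0401, 0x0501, 0x0601, 0x0203, 0x0201
};
#define SAMPLE_COUNT (sizeof(SAMPLE_SCHEMES) / sizeof(SAMPLE_SCHEMES[0]))

static void put_u16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)(v & 0xff); }
static uint16_t get_u16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Writes type(2) | ext_len(2) | list_len(2) | schemes(2 each).
 * Returns bytes written, or 0 if the list is empty or does not fit. */
size_t build_sig_algs(uint8_t *out, size_t cap, const uint16_t *schemes, size_t n) {
    size_t list_len = 2 * n, total = 6 + list_len;
    if (n == 0 || list_len > 0xFFFF - 2 || total > cap) return 0;
    put_u16(out, 0x000D);                        /* signature_algorithms */
    put_u16(out + 2, (uint16_t)(list_len + 2));  /* extension data length */
    put_u16(out + 4, (uint16_t)list_len);        /* scheme list length */
    for (size_t i = 0; i < n; i++) put_u16(out + 6 + 2 * i, schemes[i]);
    return total;
}

/* Checks that both length fields agree with the buffer and with each other.
 * Returns the number of schemes copied out, or -1 if malformed. */
int parse_sig_algs(const uint8_t *in, size_t len, uint16_t *schemes, size_t max) {
    if (len < 6 || get_u16(in) != 0x000D) return -1;
    size_t ext_len = get_u16(in + 2), list_len = get_u16(in + 4);
    if (ext_len != len - 4 || list_len != ext_len - 2) return -1;
    if (list_len == 0 || list_len % 2 != 0 || list_len / 2 > max) return -1;
    for (size_t i = 0; i < list_len / 2; i++) schemes[i] = get_u16(in + 6 + 2 * i);
    return (int)(list_len / 2);
}

int main(void) {
    uint8_t buf[64];
    uint16_t got[16];
    size_t n = build_sig_algs(buf, sizeof buf, SAMPLE_SCHEMES, SAMPLE_COUNT);
    return parse_sig_algs(buf, n, got, 16) == (int)SAMPLE_COUNT ? 0 : 1;
}
```

Because the lengths come from the list, paring the list back to fewer schemes needs no other change to the encoding.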