Closed Nellta closed 1 year ago
Yes I think PSS_PSS is not yet fully implemented. We have a prototype internally which will 'eventually' reach the public master. However, it is part of a bigger rework and will probably take some time...
Ok, thanks for the answer. I'll just have to wait for the next release!
Hello!
I started a server with the following command in the apps directory:
And then I simply try to connect to it with openssl:
However this fails and I get the following output:
I am wondering if I'm missing some line in the default tls 1.3 config file I am using?
PS. I forgot to add that I have edited the default tls13.config file to support RSA_PSS_PSS. instead of RSA_PSS_RSAE.
UPDATE:
I later tried to simply supply my own self signed certificate for rsa_pss_pss_sha384 (I switched to sha384) which I created with:
And when I then ran the same command with the -cert /-key parameters added I instead got a new warning:
Which turned out to be because the above ID for rsa_psspss* is not implemented in the CertificateKeyPair.java file. If I edited that file to return CertificateKeyType.RSA and SignatureAndHashAlgorithm.RSA_PSS_PSS_SHA384 as the default case and then rebuild the whole project, the connection is established with the correct signature.
Am I correct in assuming that rsa_pss_pss aren't fully implemented, or did I just do something weird that turned out to work?
As a final note the above self signed certificate works fine if I run it with openssl s_server and try to make a simple connection with openssl s_client