TLS 1.2 server

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Oct 24 05:03:15 CEST 2009


Simon Josefsson wrote:

> I'll do a release shortly, so we can more easily test how TLS 1.2 works
> in some real applications now that it is the default.

Hi,
I've checked TLS 1.2 recently, and as far as I understand the only part
missing is support for SignatureAndHashAlgorithm in Certificate Request,
as well as the extension 'signature_algorithms'. Am I correct? Is there
something else missing?

As I see it, for the support of SignatureAndHashAlgorithm in Certificate
Request the handshake must be changed (for the client at least), to hold
all handshake messages and calculate the hash based on what the server
sent. This is tricky since if implemented only for TLS 1.2 we have
code full of ifs that will be impossible to read. I'll see whether I can
make something for it in the next few days.

regards,
Nikos
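
The client-side change described in the message above, as an added example that is not part of the original post and not GnuTLS code: buffer the raw handshake messages, parse the TLS 1.2 CertificateRequest (RFC 5246 layout), and only then hash the buffer with the algorithm the server offered. It is written in Python rather than GnuTLS's C to stay self-contained; `HandshakeTranscript`, `parse_certificate_request`, `choose_hash`, the preference order and the sample bytes are all assumptions made for illustration.

```python
import hashlib

# HashAlgorithm / SignatureAlgorithm code points, RFC 5246 section 7.4.1.4.1
# (md5 = 1 is left out on purpose, so it is never selected).
HASHES = {2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {1: "rsa", 2: "dsa", 3: "ecdsa"}
# Constructed sample body: rsa_sign; (sha256,rsa),(sha1,rsa); no CA names.
SAMPLE_CERT_REQ = bytes.fromhex("01010004040102010000")

class HandshakeTranscript:
    """Hypothetical helper: keeps raw handshake messages instead of a running hash."""
    def __init__(self):
        self._messages = []

    def add(self, msg_type, body):
        # Handshake header is a 1-byte type followed by a 3-byte length.
        self._messages.append(bytes([msg_type]) + len(body).to_bytes(3, "big") + body)

    def digest(self, hash_name):
        # The hash is only known after CertificateRequest, so hash the buffer now.
        h = hashlib.new(hash_name)
        for msg in self._messages:
            h.update(msg)
        return h.digest()

def parse_certificate_request(body):
    """Return (certificate_types, [(hash, sig), ...], raw certificate_authorities)."""
    def take(pos, n):
        if pos + n > len(body):
            raise ValueError("truncated CertificateRequest")
        return body[pos:pos + n], pos + n
    raw, pos = take(0, 1)
    cert_types, pos = take(pos, raw[0])
    raw, pos = take(pos, 2)
    algs, pos = take(pos, int.from_bytes(raw, "big"))
    if len(algs) % 2:
        raise ValueError("odd supported_signature_algorithms length")
    raw, pos = take(pos, 2)
    cas, pos = take(pos, int.from_bytes(raw, "big"))
    if pos != len(body):
        raise ValueError("trailing bytes after certificate_authorities")
    return list(cert_types), [(algs[i], algs[i + 1]) for i in range(0, len(algs), 2)], cas

def choose_hash(pairs, key_sig="rsa", preference=("sha256", "sha384", "sha512", "sha1")):
    """Pick a hash the server offered for our key type (preference order is an assumption)."""
    offered = {HASHES.get(h) for h, s in pairs if SIGS.get(s) == key_sig}
    for name in preference:
        if name in offered:
            return name
    raise ValueError("server offered no usable signature/hash pair")
```

The digest returned by `digest()` over everything buffered so far is what the client would sign in CertificateVerify; an unknown or unoffered pair fails closed with `ValueError` instead of falling back to a default hash.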