TLS 1.2 server
simon at josefsson.org
Mon Oct 26 10:24:09 CET 2009
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> Simon Josefsson wrote:
>> I'll do a release shortly, so we can more easily test how TLS 1.2 works
>> in some real applications now that it is the default.
> I've checked TLS 1.2 recently, and as far as I understand the only part
> missing is support for SignatureAndHashAlgorithm in Certificate Request,
> as well as the extension 'signature_algorithms'. Am I correct? Is there
> something else missing?

That's missing, right. Client-authentication with TLS 1.2 and
certificate signing callbacks doesn't seem to be working right either;
the sign callback receives a string of size 36 (SHA1+MD5) but it should
be a PKCS#1 SHA1/SHA2 structure.

> As I see it for the support of SignatureAndHashAlgorithm in Certificate
> Request the handshake must be changed (for the client at least), to hold
> all handshake messages and calculate the hash based on what the server
> sent. This is tricky since if implemented only for TLS 1.2 we have
> code full of ifs that will be impossible to read. I'll see whether I can
> make something for it the next few days.

Yeah, I know. :-(

My plan was to create some helper functions to do the hashing, and set
up separate hashing for all of MD5, SHA-1, SHA-2 and let the later code
figure out which hash to actually use. This is wasteful, but that is
the TLS 1.2 design.
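The two signing-input shapes contrasted above (36 raw bytes of MD5+SHA-1 versus a PKCS#1 DigestInfo structure) and the "hash everything in parallel, decide later" approach, as an added Python example that is not from this thread or from GnuTLS; the class and function names are mine, and the DigestInfo prefixes are the standard RFC 3447 encodings.

```python
import hashlib

# PKCS#1 v1.5 DigestInfo prefixes (RFC 3447 sec. 9.2 notes): DER AlgorithmIdentifier
# plus OCTET STRING header; the digest follows to form the EMSA-PKCS1-v1_5 payload.
DIGESTINFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
TLS1_2 = (3, 3)  # ProtocolVersion {major, minor} as sent on the wire

class HandshakeTranscript:
    """Feeds every handshake message to all candidate hashes in parallel, since the
    hash actually needed is only known once the peer's choice arrives."""
    HASHES = ("md5", "sha1", "sha256")

    def __init__(self):
        self._ctx = {name: hashlib.new(name) for name in self.HASHES}

    def update(self, msg: bytes) -> None:
        for ctx in self._ctx.values():
            ctx.update(msg)

    def digest(self, name: str) -> bytes:
        return self._ctx[name].copy().digest()  # copy: transcript may keep growing

def signing_input(transcript: HandshakeTranscript, version: tuple, hash_name: str = "sha256") -> bytes:
    """Bytes an RSA sign callback should receive for CertificateVerify."""
    if version < TLS1_2:
        # TLS 1.0/1.1: MD5 || SHA-1, 36 bytes, signed without any DigestInfo wrapper
        return transcript.digest("md5") + transcript.digest("sha1")
    # TLS 1.2: DigestInfo over the negotiated hash, then PKCS#1 v1.5 padding by the signer
    return DIGESTINFO_PREFIX[hash_name] + transcript.digest(hash_name)

def classify_signing_input(buf: bytes) -> str:
    """Identify which form a sign callback actually got (36 raw bytes vs DigestInfo)."""
    for name, prefix in DIGESTINFO_PREFIX.items():
        if buf.startswith(prefix) and len(buf) == len(prefix) + hashlib.new(name).digest_size:
            return "pkcs1-digestinfo/" + name
    if len(buf) == 36:
        return "tls1.0-md5+sha1"
    return "unknown"

if __name__ == "__main__":
    t = HandshakeTranscript()
    t.update(b"a")   # constructed stand-ins for real handshake messages
    t.update(b"bc")
    print(classify_signing_input(signing_input(t, (3, 1))))  # tls1.0-md5+sha1
    print(classify_signing_input(signing_input(t, TLS1_2)))  # pkcs1-digestinfo/sha256
```

Running `classify_signing_input` on whatever a sign callback receives under a TLS 1.2 handshake is a quick way to spot the 36-byte mismatch described above.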
More information about the Gnutls-devel