TaSK

The requirement of signature_algorithms in TLS 1.3 is inconsistent with RFC 8446

Open huiyuexu opened this issue 1 year ago • 0 comments

Issue Type: Test Principles

Testcase name: signature_algorithms extension

Testcase number: TLS_B1_GP_03_T

Test code: TLS_B1_GP_03_T.java

Description: The test tool only allows the algorithm in the "signature_algorithms" extension to be consistent with the public key algorithm in the certificate, which complies with RFC 5246 (TLS 1.2).

But TLS 1.3 (RFC 8446) does not make such a requirement; refer to Section 4.4.2.2:

   If the server cannot produce a certificate chain that is signed only
   via the indicated supported algorithms, then it SHOULD continue the
   handshake by sending the client a certificate chain of its choice
   that may include algorithms that are not known to be supported by the
   client.  This fallback chain SHOULD NOT use the deprecated SHA-1 hash
   algorithm in general, but MAY do so if the client's advertisement
   permits it, and MUST NOT do so otherwise.

I don't know if my understanding is correct; I hope to get your reply.

huiyuexu, Oct 11 '23 02:10