On Fri, Mar 19, 2010 at 6:50 PM, Wan-Teh Chang <w...@google.com> wrote: > 2010/3/19 Mountie Lee <moun...@paygate.net>: >> Hi. >> sha256 certificate means >> client certificate using sha256 for ssl client authentication. > > If you mean the signature in the TLS/SSL CertificateVerify message, > then only TLS 1.2 allows you to use a SHA-256 signature, and NSS > doesn't support TLS 1.2 yet.
I should clarify that NSS can still use a client certificate signed by its CA with a SHA-256 signature to do SSL client authentication. It's just that the signature in the CertificateVerify message will be the format specified in TLS 1.0/SSL 3.0. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
