From 1539f9326e62e91d2aba936b1d681e44db17dbdf Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Sat, 5 Mar 2016 19:49:20 -0500
Subject: [PATCH 4/7] Don't send signature algorithms when client_version is
 below TLS 1.2.

Per RFC 5246,

    Note: this extension is not meaningful for TLS versions prior to 1.2.
    Clients MUST NOT offer it if they are offering prior versions.
    However, even if clients do offer it, the rules specified in [TLSEXT]
    require servers to ignore extensions they do not understand.

Although the second sentence would suggest that there would be no interop
problems in always offering the extension, WebRTC has reported issues
with Bouncy Castle on < TLS 1.2 ClientHellos that still include
signature_algorithms. See also
https://bugs.chromium.org/p/webrtc/issues/detail?id=4223
---
 ssl/t1_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d4f0f1d..54cc8b1 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1320,7 +1320,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
     }
  skip_ext:
 
-    if (SSL_USE_SIGALGS(s)) {
+    if (SSL_CLIENT_USE_TLS1_2_CIPHERS(s)) {
         size_t salglen;
         const unsigned char *salg;
         unsigned char *etmp;
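
Review bot: The new condition on the `if` line uses a macro named for ciphers, SSL_CLIENT_USE_TLS1_2_CIPHERS(s), to gate a block that builds the signature_algorithms extension (salg, salglen), and nothing at the call site explains why. Please add a short comment above the `if` stating that the extension is omitted when client_version is below TLS 1.2, with the RFC 5246 note as the reason, or introduce a macro whose name reflects the version check, so that a later reader does not switch it back to SSL_USE_SIGALGS(s). The diffstat touches only ssl/t1_lib.c, so a regression test asserting that a ClientHello below TLS 1.2 carries no signature_algorithms would also be worth adding if it is not in another patch of the series.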
-- 
2.5.4 (Apple Git-61)

