2018-06-19 23:11 GMT+08:00 Jakob Bohm <jb-open...@wisemo.com>:

> On 19/06/2018 15:40, John Jiang wrote:
>
>> Using OpenSSL 1.1.1-pre7
>>
>> Please consider the following cases and handshaking results:
>> 1. rsa_pss_pss_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384 cipher
>> suite
>> Handshaking failed with no suitable cipher
>>
>> 2. rsa_pss_pss_256 certificate + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>> cipher suite
>> Handshaking succeeded.
>>
>> 3. rsa_pss_rsae_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384 cipher
>> suite
>> Handshaking succeeded.
>>
>> 4. rsa_pss_rsae_256 certificate + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>> cipher suite
>> Handshaking succeeded.
>>
>> Why did case 1 fail?
>>
> The TLS_RSA_ cipher suites require that the premaster secret
> is encrypted with the RSA key in the servers certificate.
> But an rsa_pss_pss_256 certificate (have not seen that notation
> before) is probably a signing-only certificate, that says not
> to encrypt anything with its RSA key.
>
Why does rsa_pss_rsae_256 + TLS_RSA_* work?
It sounds that rsa_pss_pss_256 and rsa_pss_rsae_256 are the same signature
scheme.

Thanks!
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to