Re: How do selfserv and tstclnt specify RSASSA-PSS certificate?
Hi Martin, Thanks for your clarification! 2018-05-31 9:52 GMT+08:00 Martin Thomson : > This was a feature we supported, but we have an open item to restore > full PSS support for TLS after some changes in TLS 1.3 reassigned the > meaning of the codepoints. (It's been a few months, and a low > priority item, but it is still on my todo list). Getting selfserv and > tstclnt to use those keys requires the stack to support them fully, > which - right now - it doesn't. > On Thu, May 31, 2018 at 2:31 AM John Jiang > wrote: > > > > Hi, > > I'm using NSS 3.37. > > > > Tried to specify a RSASSA-PSS certificate for selfserv and tstclnt, but > > looks no option supports this certificate type: "Must specify at least > one > > certificate nickname using '-n' (RSA), '-S' (DSA), or 'e' (EC)." > > But it looks the current NSS supports RSASSA-PSS. > > -- > > dev-tech-crypto mailing list > > dev-tech-crypto@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: How do selfserv and tstclnt specify RSASSA-PSS certificate?
This was a feature we supported, but we have an open item to restore full PSS support for TLS after some changes in TLS 1.3 reassigned the meaning of the codepoints. (It's been a few months, and a low priority item, but it is still on my todo list). Getting selfserv and tstclnt to use those keys requires the stack to support them fully, which - right now - it doesn't. On Thu, May 31, 2018 at 2:31 AM John Jiang wrote: > > Hi, > I'm using NSS 3.37. > > Tried to specify a RSASSA-PSS certificate for selfserv and tstclnt, but > looks no option supports this certificate type: "Must specify at least one > certificate nickname using '-n' (RSA), '-S' (DSA), or 'e' (EC)." > But it looks the current NSS supports RSASSA-PSS. > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
How do selfserv and tstclnt specify RSASSA-PSS certificate?
Hi, I'm using NSS 3.37. Tried to specify a RSASSA-PSS certificate for selfserv and tstclnt, but looks no option supports this certificate type: "Must specify at least one certificate nickname using '-n' (RSA), '-S' (DSA), or 'e' (EC)." But it looks the current NSS supports RSASSA-PSS. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto