Re: TLS handshake error

2020-09-18 Thread vcjouni
Thanks for your help! I tested your patch but it did not change client behavior; most browsers still tried to use RSA-PSS in the handshake. From the TLS 1.3 draft I understood that if TLS 1.3 is available, the client can always choose to use RSA-PSS, so the only way to get this to work was to remove TLS 1.3 c

Re: TLS handshake error

2020-09-17 Thread Bruno Henc
Move ../test/recipes/80-test_ssl_new.t outside of the build root. That means "throw out". rm -f ../test/recipes/80-test_ssl_new.t also works.

‐‐‐ Original Message ‐‐‐
On Tuesday, September 15, 2020 8:28 PM, vcjouni wrote:

> Hi,
>
> I tested for openssl-1.1.1g.tar.gz from openssl.org

Re: TLS handshake error

2020-09-15 Thread vcjouni
Hi, I tested for openssl-1.1.1g.tar.gz from openssl.org in Linux Mint 19.3:

$ patch -p1 < reorder-sigalgs.patch
patching file ssl/t1_lib.c
./config
make
make test

Test Summary Report
---
../test/recipes/80-test_ssl_new.t    (Wstat: 256 Tests: 29 Failed: 1)
  Fai

Re: TLS handshake error

2020-09-15 Thread Bruno Henc
Hi, Last time I saw this error it involved TLS decryption by firewalls that didn't support RSA-PSS. Why they blow up when the new, more secure RSA-PSS signature algorithms are used beats me, but it's principally _on them_ for not supporting the latest IETF standards. Attached is a patch that re

TLS handshake error

2020-09-15 Thread vcjouni
Hi! We cannot get haproxy-ingress to work with TLS authentication. The only option to get this to work is by using force-tlsv12, and then only Chrome works. The problem is a TLS handshake decrypt error when using the RSA-PSS signature algorithm; the handshake fails every time. When we use force-tlsv12, only Chrom