>
>
> > (ii) tls version max is set 1.2 and openssl 1.1.1 is in use both on
> > server and client.
> > PSS signing will get negotiated but we will not error out early as TLS
> > 1.3 is not in use.
> >
> > That's why I say that this extension of management-external-key i
On Thu, Nov 15, 2018 at 2:22 AM Arne Schwabe wrote:
>
> >> Unless I overlooked something, I don't see any situation in which we ask
> >> for an unsupported signature.
> >
> > Consider this:
> > (i) config has --management-external-key nopadding but client announces
> version
> > 2. We will not er