Hi, the example handshake traces for TLS 1.3 (RFC8448) seem not to fully comply with the TLS 1.3 standard (RFC8446).

RFC8446 in 4.2.3. says that an implementation must not offer deprecated algorithms in the signature algorithms extension:

"In TLS 1.2, the extension contained hash/signature pairs. The pairs are encoded in two octets, so SignatureScheme values have been allocated to align with TLS 1.2's encoding. Some legacy pairs are left unallocated. These algorithms are deprecated as of TLS 1.3. They MUST NOT be offered or negotiated by any implementation. In particular, MD5 [SLOTH], SHA-224, and DSA MUST NOT be used."

RFC8448 shows in 3. an example with a ClientHello message containing a signature algorithms extension with the deprecated algorithms 0x0402, 0x0502, 0x0602, and 0x0202, which all refer to the DSA algorithm, which must not be used with TLS 1.3.

Best regards,
Tobias Reiher

--
Componolit GmbH · Königsbrücker Straße 124 · 01099 Dresden · Germany
Amtsgericht Dresden · HRB 36670 · Sitz Dresden
Geschäftsführer: Alexander Senier · USt-IdNr. (EU VATIN): DE312113634
http://componolit.com · @Componolit

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
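The check described in the post can be automated. The following is an added example, not code from the post or from either RFC: it parses the extension_data of a TLS signature_algorithms extension (a two-byte length followed by two-byte SignatureScheme values, as in RFC 8446 4.2.3) and flags every codepoint that TLS 1.3 forbids (legacy pairs using DSA, MD5 or SHA-224). The sample extension body is constructed for this example; it is not a copy of the RFC 8448 trace, but it is built to contain the four DSA codepoints the post names alongside ordinary TLS 1.3 schemes. The function and constant names are this example's own.

```python
import struct
from typing import List, Optional, Tuple

# SignatureScheme values TLS 1.3 actually defines (RFC 8446 section 4.2.3).
KNOWN_SCHEMES = {
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384", 0x0601: "rsa_pkcs1_sha512",
    0x0403: "ecdsa_secp256r1_sha256", 0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384", 0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519", 0x0808: "ed448",
    0x0809: "rsa_pss_pss_sha256", 0x080A: "rsa_pss_pss_sha384", 0x080B: "rsa_pss_pss_sha512",
    0x0201: "rsa_pkcs1_sha1", 0x0203: "ecdsa_sha1",  # legacy, allowed only for backward compatibility
}

# TLS 1.2 hash/signature pair encoding (RFC 5246 section 7.4.1.4.1): high byte = hash, low byte = signature.
LEGACY_HASH = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
LEGACY_SIG = {1: "rsa", 2: "dsa", 3: "ecdsa"}


def scheme_name(scheme: int) -> str:
    """Human-readable name: the TLS 1.3 name if defined, else the legacy hash/signature pair."""
    if scheme in KNOWN_SCHEMES:
        return KNOWN_SCHEMES[scheme]
    hash_id, sig_id = scheme >> 8, scheme & 0xFF
    return f"{LEGACY_HASH.get(hash_id, '?')}/{LEGACY_SIG.get(sig_id, '?')}"


def deprecation_reason(scheme: int) -> Optional[str]:
    """Return why a SignatureScheme MUST NOT appear in TLS 1.3, or None if it is acceptable.

    Only values whose high byte is a legacy hash id (0x01..0x06) are interpreted as
    hash/signature pairs; 0x08xx values are TLS 1.3 assignments with no such structure.
    """
    hash_id, sig_id = scheme >> 8, scheme & 0xFF
    if hash_id in LEGACY_HASH:
        if sig_id == 2:
            return "DSA"
        if hash_id == 1:
            return "MD5"
        if hash_id == 3:
            return "SHA-224"
    return None


def parse_signature_algorithms(ext_data: bytes) -> List[int]:
    """Parse extension_data of signature_algorithms: uint16 length + SignatureScheme list."""
    if len(ext_data) < 2:
        raise ValueError("extension_data too short for the length prefix")
    (length,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    # RFC 8446: SignatureScheme supported_signature_algorithms<2..2^16-2>
    if length != len(body) or length % 2 != 0 or length < 2:
        raise ValueError(f"bad supported_signature_algorithms length {length} for {len(body)} body bytes")
    return list(struct.unpack(f"!{length // 2}H", body))


def find_deprecated(ext_data: bytes) -> List[Tuple[int, str, str]]:
    """Return (codepoint, name, reason) for every offered scheme TLS 1.3 forbids, in wire order."""
    findings = []
    for scheme in parse_signature_algorithms(ext_data):
        reason = deprecation_reason(scheme)
        if reason is not None:
            findings.append((scheme, scheme_name(scheme), reason))
    return findings


# Constructed sample extension_data (not the RFC 8448 bytes): 15 schemes = 30 bytes = 0x001e,
# mixing valid TLS 1.3 schemes with the four DSA codepoints the post names.
SAMPLE_EXT_DATA = bytes.fromhex(
    "001e"
    "0403 0503 0603 0203"
    "0804 0805 0806"
    "0401 0501 0601 0201"
    "0402 0502 0602 0202"
)

if __name__ == "__main__":
    for scheme in parse_signature_algorithms(SAMPLE_EXT_DATA):
        reason = deprecation_reason(scheme)
        verdict = f"MUST NOT be offered ({reason})" if reason else "ok"
        print(f"0x{scheme:04x} {scheme_name(scheme):<24} {verdict}")
```

Run against a real ClientHello, the input is the extension_data that follows the extension type (0x000d) and extension length fields; the parser rejects a length prefix that disagrees with the bytes actually present rather than silently reading past the end.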