On Mon, Jan 11, 2016 at 11:38:25PM +0000, Andrei Popov wrote: > Yes, per RFC 5246: > " If the client provided a "signature_algorithms" extension, then all > certificates provided by the server MUST be signed by a > hash/signature algorithm pair that appears in that extension."
Yes. Though for the record, and as discussed ad nauseam before, this is a bug in the RFC, and should not be implemented as written. (Please let's not re-open that thread). Ideally, at some point SChannel will implement the TLS 1.3 draft bug fix also for TLS 1.2. -- Viktor. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls