On Fri, Oct 22, 2021 at 05:55:41PM +0000, Salz, Rich wrote: > > So if OpenSSL client connects to server that supports PSS but not > > TLS 1.3, the connection will fail because the client vomits at the > > server response? > > I *think* it will fail cleanly because it gets an ALERT message, but > I am not sure. I am no longer involved with OpenSSL, I just did a > cursory read of the source.
>From reading the code, I think it won't actually fail. It seems that using TLS 1.3 is the antecedent, and using RSA-PSS is the consequent. The comment is ambiguous on which is which. I can not see any way for that code to affect anything for TLS 1.2, but for TLS 1.3 it definitely seems to make non-PSS RSA signatures fail. -Ilari _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta