TLS 1.2 server

Nikos Mavrogiannopoulos nmav at
Sat Oct 24 05:03:15 CEST 2009

Simon Josefsson wrote:

> I'll do a release shortly, so we can more easily test how TLS 1.2 works
> in some real applications now that it is the default.

I've checked TLS 1.2 recently, and as far as I understand the only part
missing is support for SignatureAndHashAlgorithm in Certificate Request,
as well as the extension 'signature_algorithms'. Am I correct? Is there
something else missing?

As I see it, for the support of SignatureAndHashAlgorithm in Certificate
Request the handshake must be changed (for the client at least) to hold
all handshake messages and calculate the hash based on what the server
sent. This is tricky, since if implemented only for TLS 1.2 we will have
code full of ifs that will be impossible to read. I'll see whether I can
make something for it in the next few days.
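
The buffering described in the message above, sketched as an added example (not part of the original message and not GnuTLS code): the client keeps the raw handshake messages and hashes them for CertificateVerify only after the server's CertificateRequest has listed the acceptable SignatureAndHashAlgorithm pairs. The `Transcript` class, the `demo` flight and its placeholder message bodies are constructed for illustration, and signing the digest is left out.

```python
import hashlib

# HashAlgorithm and SignatureAlgorithm code points from RFC 5246, 7.4.1.4.1
HASHES = {2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
RSA = 1
CERTIFICATE_REQUEST = 13  # HandshakeType

def handshake_msg(msg_type, body):
    """Frame a body as type(1) || length(3) || body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def parse_sig_algs(body):
    """Return (hash, signature) pairs from a TLS 1.2 CertificateRequest body."""
    off = 1 + body[0]  # skip certificate_types<1..2^8-1>
    length = int.from_bytes(body[off:off + 2], "big")
    off += 2
    if length == 0 or length % 2 or off + length > len(body):
        raise ValueError("malformed supported_signature_algorithms")
    return [(body[i], body[i + 1]) for i in range(off, off + length, 2)]

class Transcript:
    """Hypothetical client-side buffer of all handshake messages seen so far."""
    def __init__(self):
        self.buf = bytearray()
        self.offered = []

    def add(self, msg):
        self.buf += msg
        if msg[0] == CERTIFICATE_REQUEST:
            self.offered = parse_sig_algs(msg[4:])

    def certificate_verify_digest(self, client_hashes):
        """Hash the buffer with the first server-listed RSA pair the client supports."""
        for h, sig in self.offered:
            if sig == RSA and h in client_hashes and h in HASHES:
                return HASHES[h], hashlib.new(HASHES[h], bytes(self.buf)).digest()
        raise ValueError("no common SignatureAndHashAlgorithm")

def demo():
    # Constructed flight; bodies are placeholders, not real TLS messages.
    # CertificateRequest: types=[rsa_sign], algs=[sha512/rsa, sha256/rsa], no CAs
    cr = b"\x01\x01" + b"\x00\x04\x06\x01\x04\x01" + b"\x00\x00"
    flight = [handshake_msg(t, b) for t, b in [
        (1, b"client hello"), (2, b"server hello"), (11, b"server cert"),
        (13, cr), (14, b""), (11, b"client cert"), (16, b"key exchange")]]
    tr = Transcript()
    for m in flight:
        tr.add(m)
    return tr.certificate_verify_digest({2, 4}), b"".join(flight)
```

A running MD5+SHA-1 hash, as used for CertificateVerify in TLS 1.0 and 1.1, cannot produce this digest because the hash is not known when the first messages are exchanged.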

