TLS 1.2 server

Simon Josefsson simon at
Mon Oct 26 10:24:09 CET 2009

Nikos Mavrogiannopoulos <nmav at> writes:

> Simon Josefsson wrote:
>> I'll do a release shortly, so we can more easily test how TLS 1.2 works
>> in some real applications now that it is the default.
> Hi,
>  I've checked TLS 1.2 recently, and as far as I understand the only part
> missing is support for SignatureAndHashAlgorithm in Certificate Request,
> as well as the extension 'signature_algorithms'. Am I correct? Is there
> something else missing?

That's missing, right.  Client authentication with TLS 1.2 and
certificate signing callbacks doesn't seem to be working right either:
the sign callback receives a string of size 36 (SHA1+MD5), but it should
be a PKCS#1 SHA1/SHA2 structure.

> As I see it for the support of SignatureAndHashAlgorithm in Certificate
> Request the handshake must be changed (for the client at least), to hold
> all handshake messages and calculate the hash based on what the server
> sent. This is tricky since if implemented only for TLS 1.2 we have a
> code full of ifs that will be impossible to read. I'll see whether I can
> make something for it the next few days.

Yeah, I know. :-(

My plan was to create some helper functions to do the hashing, and set
up separate hashing for all of MD5, SHA-1, SHA-2 and let the later code
figure out which hash to actually use.  This is wasteful, but that is
the TLS 1.2 design.
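As an added illustration of the plan above (not GnuTLS code, and not from the thread), the sketch below keeps MD5, SHA-1 and SHA-256 running over the handshake transcript in parallel and only at CertificateVerify time picks what the signing callback should receive: the raw 36-byte MD5/SHA-1 concatenation for TLS 1.0/1.1, or a PKCS#1 v1.5 DigestInfo for the hash negotiated via signature_algorithms in TLS 1.2. The class and function names are made up for this example; the DigestInfo prefixes are the standard DER encodings from RFC 3447.

```python
import hashlib

# Standard PKCS#1 v1.5 DigestInfo prefixes (RFC 3447, section 9.2, note 1).
# TLS 1.2 signs DigestInfo || H(handshake_messages); TLS 1.0/1.1 did not.
DIGESTINFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


class HandshakeTranscript:
    """Hypothetical helper: feed every handshake message into all candidate
    hashes, since the hash to sign with is only known after the server has
    sent CertificateRequest (TLS 1.2) or is fixed to MD5+SHA-1 (earlier)."""

    def __init__(self, algorithms=("md5", "sha1", "sha256")):
        self._ctx = {name: hashlib.new(name) for name in algorithms}

    def update(self, handshake_message: bytes) -> None:
        for ctx in self._ctx.values():
            ctx.update(handshake_message)

    def digest(self, name: str) -> bytes:
        # copy() so the transcript can keep growing after CertificateVerify
        return self._ctx[name].copy().digest()


def certificate_verify_input(transcript: HandshakeTranscript,
                             tls_minor: int, sig_hash: str = "sha256") -> bytes:
    """Bytes handed to the signing callback.
    tls_minor 1/2 (TLS 1.0/1.1): 36-byte MD5 || SHA-1, no DigestInfo wrapper.
    tls_minor 3 (TLS 1.2): DigestInfo for the negotiated hash, PKCS#1 style."""
    if tls_minor < 3:
        return transcript.digest("md5") + transcript.digest("sha1")
    return DIGESTINFO_PREFIX[sig_hash] + transcript.digest(sig_hash)


def demo() -> dict:
    """Constructed handshake fragments (not a real capture) to show both paths."""
    messages = [b"\x01\x00\x00\x05clnt", b"\x02\x00\x00\x05srvr", b"\x0d\x00\x00\x02cr"]
    t = HandshakeTranscript()
    for m in messages:
        t.update(m)
    return {
        "tls11": certificate_verify_input(t, tls_minor=2),
        "tls12_sha256": certificate_verify_input(t, tls_minor=3, sig_hash="sha256"),
        "tls12_sha1": certificate_verify_input(t, tls_minor=3, sig_hash="sha1"),
    }
```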


More information about the Gnutls-devel mailing list