Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A question about signature algorithm #813

Open
luckNuma26 opened this issue Mar 10, 2023 · 3 comments
Open

A question about signature algorithm #813

luckNuma26 opened this issue Mar 10, 2023 · 3 comments

Comments

@luckNuma26
Copy link

When I used test-invalid-version.py to test OpenSSL 1.1.1t 7 Feb 2023, the sanity test passed,
but when I tested OpenSSL 3.0.3 3 May 2022, the sanity test is fail

openssl s_server -key /tmp/localhost.key -cert /tmp/localhost.crt -www
Using default temp DH parameters
ACCEPT
80E28D399F7F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:ssl/t1_lib.c:3334:
80E28D399F7F0000:error:0A00018C:SSL routines:tls_early_post_process_client_hello:version too low:ssl/statem/statem_srvr.c:1721:
80E28D399F7F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:ssl/t1_lib.c:3334:

I know add extension of ClientHello, for OpenSSL 3.0.3 3 May 2022 sanity test can Pass,

ext[ExtensionType.signature_algorithms] = \
            SignatureAlgorithmsExtension().create(RSA_PSS_RSAE_ALL)

If l don't add extensions, why can OpenSSL 1.1.1t 7 Feb 2023 pass but OpenSSL 3.0.3 3 May 2022 fail,
could you help me ?
@tomato42
Copy link
Member

openssl 3.0 is unnecessarily strict, and will refuse serving a certificate with anything but SHA-1 if the client doesn't advertise signature_algorithms with additional signature algorithms, even if those signature algorithms aren't used in the TLS connection (as is the case for all TLS_RSA_* ciphers)

The test case should be updated to also working with servers that only support DHE/ECDHE key exchange, also to address #563

@luckNuma26
Copy link
Author

But when I use no signature algorithm extension of test-invalid-version.py to test OpenSSL 3.0.3 3 May 2022,Why didn't it turn out no suitable signature algorithm

openssl s_server -key  clientRSAPSSKey.pem   -cert clientRSAPSSCert.pem  -www
80A26872A87F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2384:

If I were to test OpenSSL 1.1.1t 7 Feb 2023

openssl s_server -key  clientRSAPSSKey.pem   -cert clientRSAPSSCert.pem  -www
80E28D399F7F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:ssl/t1_lib.c:3334

As a beginner, I looked up some information, but I still don't understand. Could you tell me more details? Thank you very much

@tomato42
Copy link
Member

error messages from openssl are quite famously unreliable

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tomato42 @luckNuma26