You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The signature_algorithms extension is provided in the TLS 1.2 ClientHello and could be used with the existing GetCertificate hook to choose between certificate chains with RSA and ECDSA signatures if exposed in ClientHelloInfo.
(To elaborate, TLS cipher suites specify the certificate format too. So an …_ECDSA_… cipher suite has to use an ECDSA certificate. The crypto/tls code is smart enough not to try and select an RSA cipher suite if you hand it an ECDSA certificate.)
The
signature_algorithms
extension is provided in the TLS 1.2 ClientHello and could be used with the existingGetCertificate
hook to choose between certificate chains with RSA and ECDSA signatures if exposed inClientHelloInfo
./cc @agl
The text was updated successfully, but these errors were encountered: