diff --git a/ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt b/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt similarity index 75% rename from ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt rename to ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt index d588cbd05..f88eb9ed4 100644 --- a/ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt +++ b/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt @@ -1,7 +1,8 @@ -Bugfix +Features * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate declaring an RSA public key and Mbed TLS is configured in hybrid mode, if `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm for its signature in the key exchange message. As Mbed TLS 1.2 does not - support them, the handshake fails. + support them, the handshake fails. Add `rsa_pss_rsae_*` support for TLS 1.2 + to resolve the compitablity issue. diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b27fe61f0..357a10f20 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -12730,7 +12730,7 @@ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.2: Check rsa_pss_rsae compitable issue, m->O" \ +run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->O" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -msg -tls1_2 -Verify 10 " \ @@ -12746,7 +12746,7 @@ requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.2: Check rsa_pss_rsae compitable issue, m->G" \ +run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->G" \ "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
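Review bot: The corrected titles on the two `run_test` lines (m->O and m->G) still call this a "compatibility issue", while the ChangeLog in this commit reclassifies the change as a feature adding `rsa_pss_rsae_*` for TLS 1.2. A title naming the behaviour under test would read better in test reports, for example `"TLS 1.2: rsa_pss_rsae signature from server, m->O"`. Both `run_test` invocations continue outside their hunks, so the expected-output patterns are not visible; if they only check that the handshake completes, a server that falls back to `rsa_pkcs1_*` would still pass, and a pattern matching the negotiated signature algorithm would close that gap. The added ChangeLog line also keeps the misspelling this commit fixes in the test names (`compitablity`).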