mbedtls/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt
Jerry Yu eec4f03c60 fix typo and changelog entry issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00

8 lines
527 B
Text

Features
* When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate
declaring an RSA public key and Mbed TLS is configured in hybrid mode, if
`rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then
the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
for its signature in the key exchange message. As Mbed TLS 1.2 does not
support them, the handshake fails. Add `rsa_pss_rsae_*` support for TLS 1.2
to resolve the compitablity issue.