Message305380
Thanks for your feature request, Hanno.
It's fairly easy to implement with current API for TLS protocols up to TLS 1.2, e.g. cipher suite "DEFAULT:!aRSA:!aDSS" or "aECDSA:!NULL" for ECDSA certs.
However TLS 1.3 cipher suites no longer specify authentication and KE/KX algorithms, e.g. TLS13-AES-256-GCM-SHA384. I have to find a way to force OpenSSL's state machine to establish a connection with a specific authentication algorithm.
Memo to me: TLS 1.3 also has EdDSA. |
|
Date |
User |
Action |
Args |
2017-11-01 13:19:31 | christian.heimes | set | recipients:
+ christian.heimes, janssen, alex, dstufft, hanno |
2017-11-01 13:19:31 | christian.heimes | set | messageid: <1509542371.7.0.213398074469.issue31892@psf.upfronthosting.co.za> |
2017-11-01 13:19:31 | christian.heimes | link | issue31892 messages |
2017-11-01 13:19:31 | christian.heimes | create | |
|