Re: x509 AlgorithmIdentifier parameters

From: Philip Martin <philip_at_codematters.co.uk>
Date: Sat, 03 Feb 2018 13:46:50 +0000

Philip Martin <philip_at_codematters.co.uk> writes:

> Philip Martin <philip_at_codematters.co.uk> writes:
>
>> In Marc's case getting a new server cert that is not RSASSA-PSS might be
>> the best solution.
>
> r1822996 fixes the x509 parser on trunk. It doesn't mean that the
> client will be able to verify the RSASSA-PSS certs (you would need an
> OpenSSL fix for that) but it does allow a JavaHL client to accept the
> failure to verify.

Another data point: the behaviour varies between openssl 1.0 and openssl
1.1. With openssl 1.1 the apache server will not even start when using
an RSASSA-PSS cert:

  [Sat Feb 03 10:18:03.858279 2018] [ssl:emerg] [pid 2717:tid 139629607192448] SSL Library Error: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

With openssl 1.0 the server does start. I'm using openssl 1.1 to
generate the cert in both cases.

A client using openssl 1.0 will connect to a server serving the
RSASSA-PSS cert. Clients using openssl 1.1 fail to verify the cert. The
underlying openssl 1.1 error appears to be:

  $ openssl s_client -connect localhost:8887 -CAfile apache2/ssl/ca-cert.pem
  ...
  Verify return code: 68 (CA signature digest algorithm too weak)

This suggests that RSASSA-PSS is obsolete, but as I mentioned earlier in
the thread there are recent changes to the openssl project
adding/extending RSASSA-PSS support as part of TLS 1.3:

  https://github.com/openssl/openssl/issues/2878

-- 
Philip
Received on 2018-02-03 14:46:59 CET

This is an archived mail posted to the Subversion Dev mailing list.