[openssl-users] rsa_pss_pss_*/rsa_pss_rsae_* and TLS_RSA_*/TLS_ECDHE_RSA_*
Jakob Bohm
jb-openssl at wisemo.com
Tue Jun 19 15:11:23 UTC 2018
On 19/06/2018 15:40, John Jiang wrote:
> Using OpenSSL 1.1.1-pre7
>
> Please consider the following cases and handshaking results:
> 1. rsa_pss_pss_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384
> cipher suite
> Handshaking failed with no suitable cipher
>
> 2. rsa_pss_pss_256 certificate + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> cipher suite
> Handshaking succeeded.
>
> 3. rsa_pss_rsae_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384
> cipher suite
> Handshaking succeeded.
>
> 4. rsa_pss_rsae_256 certificate +
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite
> Handshaking succeeded.
>
> Why did case 1 fail?
The TLS_RSA_ cipher suites require that the premaster secret
is encrypted with the RSA key in the servers certificate.
But an rsa_pss_pss_256 certificate (have not seen that notation
before) is probably a signing-only certificate, that says not
to encrypt anything with its RSA key.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list