[openssl-dev] [openssl.org #4390] [PATCH] Don't send signature algorithms when client_version is below TLS 1.2.

David Benjamin via RT rt at openssl.org
Mon Mar 7 21:58:12 UTC 2016

Per RFC 5246,

    Note: this extension is not meaningful for TLS versions prior to 1.2.
    Clients MUST NOT offer it if they are offering prior versions.
    However, even if clients do offer it, the rules specified in [TLSEXT]
    require servers to ignore extensions they do not understand.

Although second sentence would suggest that there would be no interop
problems in always offering the extension, WebRTC has reported issues with
Bouncy Castle on < TLS 1.2 ClientHellos that still include
signature_algorithms. See also

Just about any TLS 1.2 client test in BoringSSL's test suite can be used to
repro this:


Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4390
Please log in as guest with password guest if prompted

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Don-t-send-signature-algorithms-when-client_version-.patch
Type: application/octet-stream
Size: 1320 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160307/21138774/attachment.obj>

More information about the openssl-dev mailing list