How do selfserv and tstclnt specify RSASSA-PSS certificate?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

How do selfserv and tstclnt specify RSASSA-PSS certificate?

John Jiang
Hi,
I'm using NSS 3.37.

Tried to specify a RSASSA-PSS certificate for selfserv and tstclnt, but
looks no option supports this certificate type: "Must specify at least one
certificate nickname using '-n' (RSA), '-S' (DSA), or 'e' (EC)."
But it looks the current NSS supports RSASSA-PSS.
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: How do selfserv and tstclnt specify RSASSA-PSS certificate?

Martin Thomson
This was a feature we supported, but we have an open item to restore
full PSS support for TLS after some changes in TLS 1.3 reassigned the
meaning of the codepoints.  (It's been a few months, and a low
priority item, but it is still on my todo list).  Getting selfserv and
tstclnt to use those keys requires the stack to support them fully,
which - right now - it doesn't.
On Thu, May 31, 2018 at 2:31 AM John Jiang <[hidden email]> wrote:

>
> Hi,
> I'm using NSS 3.37.
>
> Tried to specify a RSASSA-PSS certificate for selfserv and tstclnt, but
> looks no option supports this certificate type: "Must specify at least one
> certificate nickname using '-n' (RSA), '-S' (DSA), or 'e' (EC)."
> But it looks the current NSS supports RSASSA-PSS.
> --
> dev-tech-crypto mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-tech-crypto
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: How do selfserv and tstclnt specify RSASSA-PSS certificate?

John Jiang
Hi Martin,
Thanks for your clarification!

2018-05-31 9:52 GMT+08:00 Martin Thomson <[hidden email]>:

> This was a feature we supported, but we have an open item to restore
> full PSS support for TLS after some changes in TLS 1.3 reassigned the
> meaning of the codepoints.  (It's been a few months, and a low
> priority item, but it is still on my todo list).  Getting selfserv and
> tstclnt to use those keys requires the stack to support them fully,
> which - right now - it doesn't.
> On Thu, May 31, 2018 at 2:31 AM John Jiang <[hidden email]>
> wrote:
> >
> > Hi,
> > I'm using NSS 3.37.
> >
> > Tried to specify a RSASSA-PSS certificate for selfserv and tstclnt, but
> > looks no option supports this certificate type: "Must specify at least
> one
> > certificate nickname using '-n' (RSA), '-S' (DSA), or 'e' (EC)."
> > But it looks the current NSS supports RSASSA-PSS.
> > --
> > dev-tech-crypto mailing list
> > [hidden email]
> > https://lists.mozilla.org/listinfo/dev-tech-crypto
> --
> dev-tech-crypto mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto