Skip to content

Comments

Suggestions Ryan Appel#13

Merged
bwesterb merged 1 commit intomainfrom
bas/appel
Sep 25, 2025
Merged

Suggestions Ryan Appel#13
bwesterb merged 1 commit intomainfrom
bas/appel

Conversation

@bwesterb
Copy link
Collaborator

No description provided.

## TLS 1.2
The schemes defined in this document MUST NOT be used in TLS 1.2 {{RFC5246}}.
The schemes defined in this document MUST NOT be used in TLS 1.2 {{RFC5246}}
or earlier versions.
Copy link
Contributor

@tomato42 tomato42 May 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

technically speaking, there is no way to use signature_algorithms in TLS 1.1 or earlier, so it's not possible to use those schemes and still have a standard-following implementation...

also, TLS 1.1 is deprecated: RFC8996

(not saying it's wrong to have this, but I don't think omitting it is wrong either)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed—SignatureScheme is a TLS 1.3 type anyway, right? So TLS 1.2 is perhaps also superfluous.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not really, the TLS 1.3 specification allows use of the RSA-PSS signatures in TLS 1.2, and they are defined as SignatureScheme's only

@bwesterb bwesterb merged commit 8dc4ce7 into main Sep 25, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants