Discussion:
How do selfserv and tstclnt specify RSASSA-PSS certificate?
John Jiang
2018-05-30 16:31:11 UTC
Permalink
Hi,
I'm using NSS 3.37.

Tried to specify a RSASSA-PSS certificate for selfserv and tstclnt, but
looks no option supports this certificate type: "Must specify at least one
certificate nickname using '-n' (RSA), '-S' (DSA), or 'e' (EC)."
But it looks the current NSS supports RSASSA-PSS.
--
dev-tech-crypto mailing list
dev-tech-***@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Martin Thomson
2018-05-31 01:52:03 UTC
Permalink
This was a feature we supported, but we have an open item to restore
full PSS support for TLS after some changes in TLS 1.3 reassigned the
meaning of the codepoints. (It's been a few months, and a low
priority item, but it is still on my todo list). Getting selfserv and
tstclnt to use those keys requires the stack to support them fully,
which - right now - it doesn't.
Post by John Jiang
Hi,
I'm using NSS 3.37.
Tried to specify a RSASSA-PSS certificate for selfserv and tstclnt, but
looks no option supports this certificate type: "Must specify at least one
certificate nickname using '-n' (RSA), '-S' (DSA), or 'e' (EC)."
But it looks the current NSS supports RSASSA-PSS.
--
dev-tech-crypto mailing list
https://lists.mozilla.org/listinfo/dev-tech-crypto
--
dev-tech-crypto mailing list
dev-tech-***@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
John Jiang
2018-05-31 06:19:52 UTC
Permalink
Hi Martin,
Thanks for your clarification!
Post by Martin Thomson
This was a feature we supported, but we have an open item to restore
full PSS support for TLS after some changes in TLS 1.3 reassigned the
meaning of the codepoints. (It's been a few months, and a low
priority item, but it is still on my todo list). Getting selfserv and
tstclnt to use those keys requires the stack to support them fully,
which - right now - it doesn't.
Post by John Jiang
Hi,
I'm using NSS 3.37.
Tried to specify a RSASSA-PSS certificate for selfserv and tstclnt, but
looks no option supports this certificate type: "Must specify at least
one
Post by John Jiang
certificate nickname using '-n' (RSA), '-S' (DSA), or 'e' (EC)."
But it looks the current NSS supports RSASSA-PSS.
--
dev-tech-crypto mailing list
https://lists.mozilla.org/listinfo/dev-tech-crypto
--
dev-tech-crypto mailing list
https://lists.mozilla.org/listinfo/dev-tech-crypto
--
dev-tech-crypto mailing list
dev-tech-***@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Loading...