Signature Algorithms extension for TLSv1.2 only

Changed to only include the signature algorithms extension for TLSv1.2, since RFC 5246 says:

   Note: this extension is not meaningful for TLS versions prior to 1.2.
   Clients MUST NOT offer it if they are offering prior versions.
   However, even if clients do offer it, the rules specified in [TLSEXT]
   require servers to ignore extensions they do not understand.

Inclusion of the extension for TLS 1.1 didn't seem to cause any harm, but it seems better to follow the RFC and not include it for TLSv1.0 or TLSv1.1.
David Cooper 2016-05-05 17:08:40 -04:00
parent 120a5c86ef
commit 92c2b60d9b


@ -4272,11 +4272,17 @@ socksend_tls_clienthello() {
,00 # server_name type (hostname)
,00, $len_servername_hex # server_name length. We assume len(hostname) < FF - 9
,$servername_hexstr # server_name target
,$extension_signature_algorithms
,$extension_heartbeat
,$extension_session_ticket
,$extension_next_protocol"
# RFC 5246 says that clients MUST NOT offer the signature algorithms
# extension if they are offering TLS versions prior to 1.2.
if [[ "$tls_low_byte" == "03" ]]; then
all_extensions="$all_extensions
,$extension_signature_algorithms"
fi
if $ecc_cipher_suite_found; then
all_extensions="$all_extensions
,$extensions_ecc"
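Review bot: the new guard `if [[ "$tls_low_byte" == "03" ]]` is an exact-match test, so it excludes the extension not only for TLS 1.0/1.1 (low byte 01/02) as the comment intends, but also for any higher version byte; TLS 1.3 (low byte 04) makes signature_algorithms mandatory in the ClientHello, so a ClientHello for that version built through this function would be rejected. If the function is ever used with a version byte above 03, a numeric comparison such as `if (( 0x$tls_low_byte >= 3 )); then` matches the RFC wording ("prior to 1.2") more faithfully than the string equality; otherwise the comment should state that only exactly TLS 1.2 gets the extension. A second, minor point: moving the extension out of the fixed list and appending it after `$extension_next_protocol` changes the order in which the extensions appear on the wire. RFC 5246 does not assign significance to extension order, so this is fine, but it is worth a line in the commit message since fingerprinting tools and some servers are sensitive to it.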