+++ This bug was initially created as a clone of Bug #1238369 +++
Description of problem:
NSS client can sign Certificate Verify only using SHA256 (the PRF used in ciphersuite) or SHA-1. NSS server requests signature on Certificate Verify only using SHA256 (the PRF used). This makes servers unable to interoperate with clients that can sign only using SHA-1.
Version-Release number of selected component (if applicable):
nss-3.19.1-5.el7_1
How reproducible:
Always
Steps to Reproduce:
1. Use NSS as client or server in connections that require certificates in TLSv1.2
Actual results:
Certificate Verify always is signed using SHA-256 by NSS client
Certificate Request always asks just for RSA+SHA256, DSA+SHA256 or ECDSA+SHA256
Expected results:
most hashes listed as acceptable by server, especially DSA+SHA1 or RSA+SHA1
Additional info:
--- Additional comment from Hubert Kario on 2015-08-12 09:42:35 EDT ---
This feature is necessary for interoperability between GnuTLS and NSS with TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 ciphersuite and DSA client certificates in TLSv1.2.
--- Additional comment from Hubert Kario on 2015-09-15 13:25:33 EDT ---
This issue breaks communication with Microsoft Internet Explorer clients that have certificates signed with algorithms different than SHA-256.
Since the server asks only for SHA256 signatures, the client refuses to provide its certificate and aborts the connection.
This is the expected behaviour according to https://tools.ietf.org/html/rfc5246#section-7.4.4
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHEA-2017-0671.html