Description of problem:
It's impossible to change supported signature algorithms in strsclnt utility, which together with rsa_pss_pss_* signature algorithms being disabled by default, means that it's not possible to test interoperability of session resumption with RSA-PSS certificates
Version-Release number of selected component (if applicable):
nss-3.41.0-5.el8.x86_64
How reproducible:
always
Steps to Reproduce:
1. run strsclnt -J rsa_pss_pss_sha256
2.
3.
Actual results:
command prints help message and complains about unrecognised option
Expected results:
command runs, is able to connect to server using rsa-pss key
Additional info:
I would be tempted to set this to low, but while it doesn't really affect customers, it does affect QA's ability to test this, so I'm bumping it up to medium.