Bug 1269239 - NSS does not support all signature methods for Certificate Verify [rhel-6]
Summary: NSS does not support all signature methods for Certificate Verify [rhel-6]
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nss
Version: 6.7
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Daiki Ueno
QA Contact: Hubert Kario
Depends On: 1238369
Blocks: 1172231 1271982 1343211 1321112
Reported: 2015-10-06 18:54 UTC by Hubert Kario
Modified: 2019-11-14 07:02 UTC
CC: 12 users

Fixed In Version: nss-3.27.1-6.el6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1238369
Last Closed: 2017-03-21 10:25:41 UTC
Target Upstream Version:


System                  ID              Private  Priority  Status        Summary                      Last Updated
Mozilla Foundation      1179338         0        None      None          None                         2019-04-30 17:02:09 UTC
Red Hat Product Errata  RHEA-2017:0671  0        normal    SHIPPED_LIVE  nspr and nss bug fix update  2017-03-21 12:35:29 UTC

Description Hubert Kario 2015-10-06 18:54:47 UTC
+++ This bug was initially created as a clone of Bug #1238369 +++

Description of problem:
The NSS client can sign Certificate Verify only using SHA-256 (the PRF used in the ciphersuite) or SHA-1. The NSS server requests a signature on Certificate Verify only using SHA-256 (the PRF used). This makes servers unable to interoperate with clients that can sign only using SHA-1.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Use NSS as client or server in connections that require certificates in TLSv1.2

Actual results:
Certificate Verify always is signed using SHA-256 by NSS client
Certificate Request always asks just for RSA+SHA256, DSA+SHA256 or ECDSA+SHA256

Expected results:
Most hashes listed as acceptable by the server, especially DSA+SHA1 or RSA+SHA1

Additional info:

--- Additional comment from Hubert Kario on 2015-08-12 09:42:35 EDT ---

This feature is necessary for interoperability between GnuTLS and NSS with TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 ciphersuite and DSA client certificates in TLSv1.2.

--- Additional comment from Hubert Kario on 2015-09-15 13:25:33 EDT ---

This issue breaks communication with Microsoft Internet Explorer clients that have certificates signed with algorithms different than SHA-256.

Since the server asks only for SHA256 signatures, the client refuses to provide its certificate and aborts the connection.

This is the expected behaviour according to https://tools.ietf.org/html/rfc5246#section-7.4.4
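
The negotiation the report describes, as an added illustration written for this page (not NSS, GnuTLS or tlsfuzzer code). It encodes and decodes a TLS 1.2 CertificateRequest body (RFC 5246 section 7.4.4) and applies the two client-side rules that make a SHA-256-only supported_signature_algorithms list fatal: section 7.4.6 requires every certificate the client sends to be signed with a listed pair (the Internet Explorer case above), and section 7.4.8 requires the CertificateVerify signature itself to use a listed pair (the SHA-1-only signer case in the description). NSS_BEFORE_FIX is taken from "Actual results"; WIDER_LIST is an assumed post-fix list for comparison, since the page does not state exactly which pairs nss-3.27.1-6.el6 advertises.

```python
"""TLS 1.2 client-certificate negotiation as described in this report.

Constructed illustration for this bug page, not NSS, GnuTLS or tlsfuzzer code.
"""
import struct

# SignatureAndHashAlgorithm code points (RFC 5246 section 7.4.1.4.1)
HASH = {"none": 0, "md5": 1, "sha1": 2, "sha224": 3, "sha256": 4, "sha384": 5, "sha512": 6}
SIG = {"anonymous": 0, "rsa": 1, "dsa": 2, "ecdsa": 3}
HASH_NAME = {v: k for k, v in HASH.items()}
SIG_NAME = {v: k for k, v in SIG.items()}

# ClientCertificateType values (RFC 5246 7.4.4, RFC 4492 5.5)
RSA_SIGN, DSS_SIGN, ECDSA_SIGN = 1, 2, 64

# What the unfixed NSS server advertised, per "Actual results" in this report.
NSS_BEFORE_FIX = [("sha256", "rsa"), ("sha256", "dsa"), ("sha256", "ecdsa")]
# Assumed wider list a fixed server could advertise (example only; the page does
# not give the exact list nss-3.27.1-6.el6 sends).
WIDER_LIST = NSS_BEFORE_FIX + [("sha384", "rsa"), ("sha1", "rsa"), ("sha1", "dsa"), ("sha1", "ecdsa")]


def build_certificate_request(cert_types, sig_algs, cas=()):
    """Encode a CertificateRequest body: types, supported_signature_algorithms, CA DNs."""
    body = bytes([len(cert_types)]) + bytes(cert_types)
    algs = b"".join(bytes([HASH[h], SIG[s]]) for h, s in sig_algs)
    body += struct.pack(">H", len(algs)) + algs
    ca_blob = b"".join(struct.pack(">H", len(dn)) + dn for dn in cas)
    return body + struct.pack(">H", len(ca_blob)) + ca_blob


def parse_certificate_request(body):
    """Decode a CertificateRequest body into (cert_types, sig_algs, cas).

    Unknown code points are kept as raw ints rather than rejected: a client
    should skip algorithms it does not recognise, not abort on them.
    """
    off = 0
    n = body[off]
    off += 1
    cert_types = list(body[off:off + n])
    off += n
    (alg_len,) = struct.unpack_from(">H", body, off)
    off += 2
    if alg_len % 2:
        raise ValueError("supported_signature_algorithms length must be even")
    sig_algs = [(HASH_NAME.get(body[i], body[i]), SIG_NAME.get(body[i + 1], body[i + 1]))
                for i in range(off, off + alg_len, 2)]
    off += alg_len
    (ca_len,) = struct.unpack_from(">H", body, off)
    off += 2
    cas, end = [], off + ca_len
    while off < end:
        (dn_len,) = struct.unpack_from(">H", body, off)
        off += 2
        cas.append(body[off:off + dn_len])
        off += dn_len
    if off != len(body):
        raise ValueError("trailing bytes after certificate_authorities")
    return cert_types, sig_algs, cas


def client_certificate_plan(server_algs, key_type, client_hashes, chain_sig_algs):
    """Return the (hash, sig) pair a conforming client uses for CertificateVerify,
    or None when it must withhold its certificate (the abort seen with IE above).

    key_type: "rsa" / "dsa" / "ecdsa"; client_hashes: hashes the client can sign
    with; chain_sig_algs: the pairs its certificate chain is signed with.
    """
    # RFC 5246 7.4.6: a chain signed with an unlisted pair cannot be sent at all.
    if any(pair not in server_algs for pair in chain_sig_algs):
        return None
    # RFC 5246 7.4.8: first listed pair (server preference order) that matches
    # the client's key type and a hash the client can sign with.
    for h, s in server_algs:
        if s == key_type and h in client_hashes:
            return (h, s)
    return None


if __name__ == "__main__":
    wire = build_certificate_request([RSA_SIGN, DSS_SIGN, ECDSA_SIGN], NSS_BEFORE_FIX)
    print("CertificateRequest body:", wire.hex())
    print("parsed:", parse_certificate_request(wire))
    for name, algs in (("before fix", NSS_BEFORE_FIX), ("wider list", WIDER_LIST)):
        # Client whose signer can only produce SHA-1 signatures.
        print(name, "sha1-only RSA signer ->", client_certificate_plan(algs, "rsa", {"sha1"}, [("sha256", "rsa")]))
        # Client whose certificate chain is signed with RSA+SHA1 (the IE case).
        print(name, "SHA-1-signed chain   ->", client_certificate_plan(algs, "rsa", {"sha1", "sha256"}, [("sha1", "rsa")]))
```

Run stand-alone it prints the encoded CertificateRequest and, for each server list, whether the two client profiles can authenticate; against NSS_BEFORE_FIX both come back None, which is the "client refuses to provide its certificate and aborts" outcome in the comment above.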

Comment 30 errata-xmlrpc 2017-03-21 10:25:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

