Description of problem:
NSS 3.28 server that has only ECDSA certificate with P-384 curve will not sign Server Key Exchange message with SHA-256 if client advertises support only for SHA-1 and SHA-256 ECDSA signatures
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Setup NSS server with P-384 curve
2. Connect with client advertising P-256 and P-384 curves as well as SHA-256+ECDSA signature only
This is caused by applying TLSv1.3 semantics to the Signature Algorithms extension even when the connection negotiated TLSv1.2 protocol.
Upstream confirmed a minimal fix is sufficient, which changes a bool parameter.
See the upstream bug for the patch.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.