Opened 8 years ago
TLS 1.2 ClientHello Signature Algorithms extension incomplete.
Reported by: Jim Heit
Owned by:
Component version:
Operating system type: Windows
Operating system version: Windows 7 Enterprise fully patched
RFC 5246, which defines the TLS 1.2 protocol, added a new optional extension to the ClientHello handshake message. This is detailed in section 7.4.1.4.1 of the RFC. If this extension is included in the ClientHello, it must contain all of the signature algorithms that the client is willing to accept. Here is a quote: "If the client supports only the default hash and signature algorithms (listed in this section), it MAY omit the signature_algorithms extension. If the client does not support the default algorithms, or supports other hash and signature algorithms (and it is willing to use them for verifying messages sent by the server, i.e., server certificates and server key exchange), it MUST send the signature_algorithms extension, listing the algorithms it is willing
The list sent by FileZilla Client 3.6.0-rc1 includes these in its preferred order: SHA384/RSA, SHA384/ECDSA, SHA512/RSA, SHA512/ECDSA, SHA256/RSA, SHA256/DSA, SHA256/ECDSA, SHA1/DSA, and MD5/RSA.
This list is conspicuously missing SHA1/RSA. This should be added.
If you are considering a response (see ticket #7864) of "We don't support SHA1 anymore", I would point out that SHA1/DSA is included in this list, as well as MD5/RSA. If you are considering a response of "SHA1/RSA is the default, we don't need to specify it", I would point out that according to the RFC (see quote above) if the extension is used, it must list all supported signature algorithms--also, SHA1/DSA is included, and it is a default according to the RFC if the extension is not used. The bug fix is to include SHA1/RSA in the signature extensions.
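As an added illustration (not code from this ticket or from FileZilla), the following Python builds a signature_algorithms extension from the list reported above, parses it back, and reports which of the RFC 5246 default pairs ({sha1,rsa}, {sha1,dsa}, {sha1,ecdsa}) a client would silently drop by sending it. The code points are those of RFC 5246 section 7.4.1.4.1; the sample list is constructed from the order given in the ticket.

```python
import struct

# RFC 5246 section 7.4.1.4.1 code points: HashAlgorithm and SignatureAlgorithm
HASH = {"none": 0, "md5": 1, "sha1": 2, "sha224": 3, "sha256": 4, "sha384": 5, "sha512": 6}
SIG = {"anonymous": 0, "rsa": 1, "dsa": 2, "ecdsa": 3}
HASH_NAME = {v: k for k, v in HASH.items()}
SIG_NAME = {v: k for k, v in SIG.items()}
SIGNATURE_ALGORITHMS_EXT = 13  # extension_type value for signature_algorithms

# Pairs the server assumes when the extension is absent (RFC 5246 7.4.1.4.1)
DEFAULT_PAIRS = {("sha1", "rsa"), ("sha1", "dsa"), ("sha1", "ecdsa")}

def encode_signature_algorithms(pairs):
    """Serialise the whole extension: type(2) | ext_len(2) | list_len(2) | (hash, sig)*."""
    body = b"".join(struct.pack("!BB", HASH[h], SIG[s]) for h, s in pairs)
    supported = struct.pack("!H", len(body)) + body
    return struct.pack("!HH", SIGNATURE_ALGORITHMS_EXT, len(supported)) + supported

def decode_signature_algorithms(data):
    """Parse the extension back into (hash, sig) name pairs, validating every length field."""
    if len(data) < 6:
        raise ValueError("extension too short")
    ext_type, ext_len = struct.unpack("!HH", data[:4])
    if ext_type != SIGNATURE_ALGORITHMS_EXT or ext_len != len(data) - 4:
        raise ValueError("not a well-formed signature_algorithms extension")
    (list_len,) = struct.unpack("!H", data[4:6])
    if list_len != ext_len - 2 or list_len % 2 != 0 or list_len < 2:
        raise ValueError("bad supported_signature_algorithms length")
    body = data[6:6 + list_len]
    return [(HASH_NAME[body[i]], SIG_NAME[body[i + 1]]) for i in range(0, list_len, 2)]

def missing_defaults(pairs):
    """Defaults a server may no longer use once this list is sent instead of omitting the extension."""
    return sorted(DEFAULT_PAIRS - set(pairs))

# Constructed sample: the preferred order the ticket reports for FileZilla Client 3.6.0-rc1
FILEZILLA_RC1 = [("sha384", "rsa"), ("sha384", "ecdsa"), ("sha512", "rsa"), ("sha512", "ecdsa"),
                 ("sha256", "rsa"), ("sha256", "dsa"), ("sha256", "ecdsa"), ("sha1", "dsa"),
                 ("md5", "rsa")]

if __name__ == "__main__":
    ext = encode_signature_algorithms(FILEZILLA_RC1)
    print("extension bytes:", ext.hex())
    print("dropped defaults:", missing_defaults(decode_signature_algorithms(ext)))
```

Appending ("sha1", "rsa") to the list is the fix the ticket asks for; the remaining gap it reports, ("sha1", "ecdsa"), is a separate question of whether the client supports that pair at all.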