Cannot force RSA with TLS 1.3

Question

Cannot force RSA with TLS 1.3

Closed this issue 2 years ago · 3 comments

Describe the bug

When i force certificate type with --rsa option, handshake fails.

To Reproduce

I tested it against my local exim, without specific TLS settings on debian testing with new self-signed certificate (but the same result i get for my public MX with public LE cert), the system prefers TLS1.3 over older versions:

check_ssl_cert -H bonifac.skk --resolve 127.0.0.1 -P smtp --ignore-host-cn --allow-empty-san -s --terse --rsa
SSL_CERT CRITICAL bonifac.skk:smtp: Handshake failure

Adding --tls1_2 "solves" issue, but it is less than ideal. With debug output i found, that it uses:

-sigalgs 'RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1'

When i try openssl directly with that sigalgs, i got the same result (as expected). After adding RSA-PSS+SHA256 to algos, the openssl successfully finishes handshake:

echo quit | openssl s_client -crlf -starttls smtp -connect 127.0.0.1:25 -servername bonifac.skk -sigalgs 'RSA-PSS+SHA256:RSA+SHA256' -name bonifac
CONNECTED(00000003)
cut
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
cut

As you can see, the RSA-PSS signature is used, please add these algos.

Expected behavior

Success handshake.

System (please complete the following information):

check_ssl_cert version: 2.60.0
OpenSSL version (openssl version): 3.0.8

Answer 1 · 2023-03-10T10:48:33.000Z

IMO, you have to add other combinations too: SHA-512 and SHA-384

Answer 2 · 2023-03-10T15:43:13.000Z

Thanks, I committed the change. If you need a new release just let me know ...

Answer 3 · 2023-03-10T21:56:24.000Z

Don't worry with new version, at least for me ;-)