RFR: 8245527: LDAP Cnannel Binding support for Java GSS/Kerberos
Weijun Wang
weijun.wang at oracle.com
Wed May 27 10:25:15 UTC 2020
> On May 21, 2020, at 3:35 PM, Alexey Bakhtin <alexey at azul.com> wrote:
>
> The hash algorithm is selected on the base of the certificate signature algorithm.
> Also, the client should use SHA-256 algorithm, in case of the certificate signature algorithm is SHA1 or MD5
According to https://www.rfc-editor.org/rfc/rfc5929#section-4.1, this is the right approach. I'm just curious if you have seen newer signature algorithms like RSASSA-PSS and EdDSA used in reality, since the latest TLS spec already defined ciphersuites around them.
Thanks,
Max
More information about the security-dev
mailing list