-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
is there -Verify 1 option in TLS-Attacker server mode #102
Comments
No, you would need to check this yourself. |
how to check ? any example. |
|
tlsattacker in server mode giving fatal illegal_parameter when I am passing certificate and key |
Please also provide openssl's error message. I'm not sure if setting a cert for s_client enforces that the server requests a certificate. As you can see in the debug output, TLS-Attacker does not send a CertificateRequest. Openssl would thus lack the certificate request context required for the Certificate message. |
please find openssl s_client output:
|
Which openssl version is this? |
|
I'm not sure what's causing the alert. Openssl's error I talked to @ic0ns and he mentioned that there are different OIDs that define if a key is meant to be used for both RSA_PSS_RSAE and RSA_PSS_PSS. Does the same configuration work if you enforce an RSA_PSS_RSAE signature algorithm? |
only when I am using RSA-PSS Certificate getting this error |
openssl s_server -key p256.key -cert p256.crt -msg -tls1_3 -Verify 1
-Verify 1 enforces the connection to proceed only when client provides a certificate.
Is there any option to replicate above command in TLS-Attacker in Server Mode?
The text was updated successfully, but these errors were encountered: