[PATCH 00 of 20] tests suite fixes for TLSv1.3
Maxim Dounin
mdounin at mdounin.ru
Sat Mar 18 14:14:55 UTC 2023
Hello!
Here are patch series for the test suite to address test failures
observed with TLSv1.3 enabled with BoringSSL and LibreSSL.
Short summary of the issues seen:
- BoringSSL with TLSv1.3 does not support session reuse via server-side
session cache, only with tickets.
- BoringSSL with TLSv1.3 does not provide $ssl_session_id.
- LibreSSL with TLSv1.3 does not support session reuse.
- LibreSSL with TLSv1.3 fails to negotiate certificates based on
signature algorithms supported by the client, and fails with
"missing rsa certificate" and "unknown pkey type" errors.
- LibreSSL with TLSv1.3 does not send CA lists to the client.
--
Maxim Dounin
More information about the nginx-devel
mailing list