Why are RSA_PSS_SHA256 and SHA256/RSA prior to SHA384/ECDSA?


Gentry Deng

May 24, 2022, 7:11:04 PM
to Chromium-discuss
Hello,

I noticed that Chromium's signature algorithm order is: SHA256/ECDSA, RSA_PSS_SHA256, SHA256/RSA, SHA384/ECDSA, RSA_PSS_SHA384, SHA384/RSA, RSA_PSS_SHA512, SHA512/RSA

Is this determined by BoringSSL? And why is it defined this way?
This means that if a website offers dual certificates, one with RSA 4096 strength and the other with ECC 384 strength, Chromium will get the RSA certificate.

Best Regards,
Gentry

metter

Jun 18, 2022, 11:42:55 PM
to Chromium-discuss, weplays...@gmail.com
You don't need to worry about this. Whether the ECDSA certificate or the RSA certificate is used is decided by the cipher, not this. If the server prefers an ECDSA cipher, Chrome will use the ECDSA certificate; if the server prefers an RSA cipher, Chrome will use the RSA certificate if

Gentry Deng

Jun 19, 2022, 12:08:54 AM
to Chromium-discuss, metter, Gentry Deng
No, it is related.
As I said before, RSA certificates take precedence over ECC 384 certificates.
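
The following model of certificate selection is an added example, not part of the thread and not code from Chromium, BoringSSL or any server. It assumes TLS 1.3 rules (RFC 8446), where each ECDSA scheme is bound to one curve and RSA keys sign the handshake with RSA-PSS; the mapping of the list in the first post to RFC 8446 scheme names, the certificate names and the `select_cert` helper are assumptions.

```python
# Client signature_algorithms in the order given in the first post,
# written with RFC 8446 scheme names (the mapping is an assumption).
CLIENT_SIGALGS = [
    "ecdsa_secp256r1_sha256", "rsa_pss_rsae_sha256", "rsa_pkcs1_sha256",
    "ecdsa_secp384r1_sha384", "rsa_pss_rsae_sha384", "rsa_pkcs1_sha384",
    "rsa_pss_rsae_sha512", "rsa_pkcs1_sha512",
]

# Schemes each key type can use for the TLS 1.3 handshake signature.
# ECDSA schemes are curve-bound; rsa_pkcs1_* is not valid there.
USABLE = {
    "ecdsa-p256": {"ecdsa_secp256r1_sha256"},
    "ecdsa-p384": {"ecdsa_secp384r1_sha384"},
    "rsa": {"rsa_pss_rsae_sha256", "rsa_pss_rsae_sha384",
            "rsa_pss_rsae_sha512"},
}

# Constructed server configurations (hypothetical certificate names).
DUAL_P384 = [("rsa4096", "rsa"), ("ecc384", "ecdsa-p384")]
DUAL_P256 = [("rsa4096", "rsa"), ("ecc256", "ecdsa-p256")]


def select_cert(client_sigalgs, server_certs, server_pref=None):
    """Return (cert_name, scheme) or None if nothing is mutually usable.

    With server_pref=None the server walks the client's list in order.
    With server_pref set, the server walks its own list and only uses
    schemes the client also offered.
    """
    offered = set(client_sigalgs)
    order = client_sigalgs if server_pref is None else server_pref
    for scheme in order:
        if scheme not in offered:
            continue
        for name, key_type in server_certs:
            if scheme in USABLE[key_type]:
                return name, scheme
    return None


if __name__ == "__main__":
    # Client order: a P-384 key cannot use the first entry, so RSA-PSS wins.
    print(select_cert(CLIENT_SIGALGS, DUAL_P384))
    # Client order: a P-256 key matches the first entry.
    print(select_cert(CLIENT_SIGALGS, DUAL_P256))
    # A server applying its own order can still choose the P-384 certificate.
    print(select_cert(CLIENT_SIGALGS, DUAL_P384,
                      server_pref=["ecdsa_secp384r1_sha384",
                                   "rsa_pss_rsae_sha256"]))
```

Which of the two policies a given server applies depends on its TLS library and configuration.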
