Hello, we've encountered issues with mTLS using non-ECC eID cards when enabling TLS 1.3 on our endpoint.
We can easily reproduce the issue using OpenSSL (tested with OpenSSL 3.2.2 as the server and a Windows PC with the latest eID middleware (5.1.23.6205) as the client):
openssl s_server -key xxx.key -cert xxx.cer -chainCAfile chain.cer -CAfile belgiumrootcas.pem -Verify 1 -www \
  -tls1_2 -cipher ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256 -port 8443
-> works with ECC and non-ECC cards

openssl s_server -key xxx.key -cert xxx.cer -chainCAfile chain.cer -CAfile belgiumrootcas.pem -Verify 1 -www \
  -tls1_3 -cipher ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256 -port 8443
-> works only with ECC cards
After digging a bit deeper, this appears to be related to the removal of support for
rsa_pkcs1_sha256 as a client signature algorithm in TLS 1.3 (see RFC 8446).
We can also reproduce the issue on TLS 1.2 when modifying this client signature algorithm:

openssl s_server -key xxx.key -cert xxx.cer -chainCAfile chain.cer -CAfile belgiumrootcas.pem -Verify 1 -www \
  -tls1_2 -cipher ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256 -port 8443 \
  -client_sigalgs rsa_pss_pss_sha256:rsa_pss_rsae_sha256:rsa_pkcs1_sha256
-> works with non-ECC cards

openssl s_server -key xxx.key -cert xxx.cer -chainCAfile chain.cer -CAfile belgiumrootcas.pem -Verify 1 -www \
  -tls1_2 -cipher ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256 -port 8443 \
  -client_sigalgs rsa_pss_pss_sha256:rsa_pss_rsae_sha256
-> does not work with non-ECC cards
I’m not an expert on this topic, but according to the documentation
https://github.com/Fedict/eid-mw/blob/master/doc/sdk/documentation/Applet%201.7%20eID%20Cards/Public_Belpic_Applet_v1%207_Ref_Manual%20-%20A01.pdf (page 31), the PSS signature algorithm *should* be supported.
What am I missing here? Does anyone have more insight into this issue?
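The following script is an added example and not part of the issue above or of the eid-mw project. It decodes a TLS signature_algorithms extension body (the list a server sends in its CertificateRequest) and applies the RFC 8446 section 4.2.3 rule that the poster ran into: rsa_pkcs1_* schemes may appear in TLS 1.3 only for signatures inside certificates and never for CertificateVerify, whereas TLS 1.2 (RFC 5246 section 7.4.4) accepts them for the handshake signature whenever the server lists them. The two sample byte strings are constructed here to mirror the two -client_sigalgs lists in the post; they are not captures from the eID middleware, and the assumption that the non-ECC cards can only produce PKCS#1 v1.5 signatures is the poster's observation, not something this code verifies against a card.

```python
"""Decode a TLS signature_algorithms extension and check whether a client that
can only produce RSA PKCS#1 v1.5 signatures could satisfy the CertificateRequest.

Added example, not code from the issue or from eid-mw.  Extension layout per
RFC 8446 section 4.2.3: a 2-byte length prefix followed by 2-byte SignatureScheme
code points.  The sample byte strings are constructed, not captured.
"""
import struct

# SignatureScheme code points from RFC 8446 section 4.2.3.  The TLS 1.2 legacy
# hash/signature pairs (RFC 5246) share the same 2-byte encoding.
SIGNATURE_SCHEMES = {
    0x0201: "rsa_pkcs1_sha1",
    0x0203: "ecdsa_sha1",
    0x0401: "rsa_pkcs1_sha256",
    0x0403: "ecdsa_secp256r1_sha256",
    0x0501: "rsa_pkcs1_sha384",
    0x0503: "ecdsa_secp384r1_sha384",
    0x0601: "rsa_pkcs1_sha512",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256",
    0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519",
    0x0808: "ed448",
    0x0809: "rsa_pss_pss_sha256",
    0x080A: "rsa_pss_pss_sha384",
    0x080B: "rsa_pss_pss_sha512",
}


def parse_signature_algorithms(body: bytes) -> list:
    """Parse the extension_data of a signature_algorithms extension.

    Returns scheme names in wire order.  Unknown code points are reported as
    hex so nothing is silently dropped.  Raises ValueError on a malformed body.
    """
    if len(body) < 2:
        raise ValueError("extension body too short")
    (list_len,) = struct.unpack("!H", body[:2])
    if list_len % 2 or 2 + list_len != len(body):
        raise ValueError("bad supported_signature_algorithms length")
    names = []
    for off in range(2, 2 + list_len, 2):
        (code,) = struct.unpack("!H", body[off:off + 2])
        names.append(SIGNATURE_SCHEMES.get(code, f"unknown_0x{code:04x}"))
    return names


def pkcs1_only_rsa_client_can_sign(schemes: list, tls13: bool) -> bool:
    """Could a client limited to RSA PKCS#1 v1.5 produce CertificateVerify?

    In TLS 1.3 the answer is always False: RFC 8446 section 4.2.3 restricts
    rsa_pkcs1_* to certificate signatures.  In TLS 1.2 it suffices that the
    server advertises some rsa_pkcs1_* scheme.
    """
    if tls13:
        return False
    return any(s.startswith("rsa_pkcs1_") for s in schemes)


def encode_signature_algorithms(codes: list) -> bytes:
    """Inverse of parse_signature_algorithms; used here to build the samples."""
    body = b"".join(struct.pack("!H", c) for c in codes)
    return struct.pack("!H", len(body)) + body


# Constructed samples mirroring the two -client_sigalgs lists in the post:
#   rsa_pss_pss_sha256:rsa_pss_rsae_sha256:rsa_pkcs1_sha256  and
#   rsa_pss_pss_sha256:rsa_pss_rsae_sha256
WITH_PKCS1 = encode_signature_algorithms([0x0809, 0x0804, 0x0401])
WITHOUT_PKCS1 = encode_signature_algorithms([0x0809, 0x0804])

if __name__ == "__main__":
    for label, body in (("with rsa_pkcs1_sha256", WITH_PKCS1),
                        ("without rsa_pkcs1_sha256", WITHOUT_PKCS1)):
        names = parse_signature_algorithms(body)
        print(label, names)
        for tls13 in (False, True):
            version = "TLS 1.3" if tls13 else "TLS 1.2"
            print(f"  {version}: PKCS#1-only RSA client can sign ->",
                  pkcs1_only_rsa_client_can_sign(names, tls13))
```

Run as-is, the script reports that the list containing rsa_pkcs1_sha256 lets a PKCS#1-only client sign under TLS 1.2 but not under TLS 1.3, and that the list without it fails under both, which is the pattern in the four openssl runs above. To inspect a real server, feed it the extension_data bytes of the signature_algorithms extension from a captured CertificateRequest.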