Changes between Initial Version and Version 1 of Ticket #1392, comment 1


Ignore:
Timestamp:
03/11/21 02:06:40 (4 years ago)
Author:
Selva Nair
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #1392, comment 1

    initial v1  
    11Probably your TPM cannot generate RSA-PSS signature. TPM 2.0 potentially supports it (TPM 1.2 does not) and PSS is required for TLS 1.3. Even with TLS1.2, OpenSSL 1.1.1+ defaults to PSS.
    22
    3 If lack of RSA-PSS in your TPM is the problem, your only option may be to downgrade to TLS 1.1 (--tls_version_max 1.1 in config) or generate a new cert/key in newer hardware / windows cert store.
     3If lack of RSA-PSS in your TPM is the problem, your only option may be to downgrade to TLS 1.1 (`--tls_version_max 1.1` in config) or generate a new cert/key in newer hardware / windows cert store.