Changes between Initial Version and Version 1 of Ticket #1392, comment 1
- Timestamp:
- 03/11/21 02:06:40 (4 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #1392, comment 1
initial v1 1 1 Probably your TPM cannot generate RSA-PSS signature. TPM 2.0 potentially supports it (TPM 1.2 does not) and PSS is required for TLS 1.3. Even with TLS1.2, OpenSSL 1.1.1+ defaults to PSS. 2 2 3 If lack of RSA-PSS in your TPM is the problem, your only option may be to downgrade to TLS 1.1 ( --tls_version_max 1.1in config) or generate a new cert/key in newer hardware / windows cert store.3 If lack of RSA-PSS in your TPM is the problem, your only option may be to downgrade to TLS 1.1 (`--tls_version_max 1.1` in config) or generate a new cert/key in newer hardware / windows cert store.