Revert rsa_pss_rsae_* support for tls12 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

commit: 9bb3ee436baca2f298fdb66e642ffe6377ad9066 [log] [tgz]
author: Jerry Yu <jerry.h.yu@arm.com> Thu Jun 23 10:16:33 2022 +0800
committer: Jerry Yu <jerry.h.yu@arm.com> Wed Jun 29 16:16:08 2022 +0800
tree: 6d982f7085b39863cfe94ea3ccf04b36ed97cfef
parent: 53f5c151550b27ee690b34914096bdeb990ad574 [diff] [blame]
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 1efbbdb..b720fd3 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c

@@ -264,10 +264,14 @@
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C)
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-/* To fix version negotiation fail with RSA server key.
- * - With TLS1.3 server, `rsa_pss_rsae_*` must be sent.
- * - With TLS1.2 server, `rsa_pkcs1_*` must be sent before `rsa_pss_rsae_*`
- *   - This point is only tested with OpenSSL now.
+/*
+ *   `rsa_pss_rsae_*` MUST BE PUT ARTER `rsa_pkcs1_*` before below compitable fixed
+ *   The compitable issue is When
+ *   - GnuTLS/OpenSSL is configured as tls12 server with rsa key
+ *   - `mebedTLS` is configured as hybrid mode.
+ *   - The order is `rsa_pss_rsae_*`, `rsa_pkcs1_*`.
+ *   GnuTLS/OpenSSL will return `rsa_pss_rsae_*` which are not supported by
+ *   TLS 1.2 in mbedTLS.
  */
 #define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \
                                     (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), \
commit	9bb3ee436baca2f298fdb66e642ffe6377ad9066	[log] [tgz]
author	Jerry Yu <jerry.h.yu@arm.com>	Thu Jun 23 10:16:33 2022 +0800
committer	Jerry Yu <jerry.h.yu@arm.com>	Wed Jun 29 16:16:08 2022 +0800
tree	6d982f7085b39863cfe94ea3ccf04b36ed97cfef
parent	53f5c151550b27ee690b34914096bdeb990ad574 [diff] [blame]