I want to set up LDAP to use TLS 1.3, and I am having a few problems.
I am running on Linux with OpenLDAP. I can use an RSA certificate to set up the session. That works fine.

The problem is trying to use an elliptic-curve certificate on the client. My certificate is ASN1 OID: secp521r1 (NIST CURVE: P-521), signed with Signature Algorithm: ecdsa-with-SHA512.

I've looked at a Wireshark trace and see "certificate types": [rsa_sign, dss_sign], which does not have the expected ecdsa_sign. Because ECDSA is not sent down, TLS will not look for the EC certificate in my keystore.

Has anyone got this working?

My config has

sslCipherSpecs GSK_V3_CIPHER_SPECS_EXPANDED

and my environment has

GSK_TRACE=0xff
GSK_PROTOCOL_TLSV1_1=on
GSK_PROTOCOL_TLSV1_2=on
GSK_PROTOCOL_TLSV1_3=on
GSK_V3_CIPHER_SPECS_EXPANDED=009E002FC027C013c02dc023c025130313011302
GSK_SERVER_TLS_KEY_SHARES=0023002500290024
GSK_CLIENT_TLS_KEY_SHARES=0023002500290024
GSK_TLS_SIG_ALG_PAIRS=0601050104010301080608050804050304030603

It may just be a matter of the GSK parameters not being set up properly. I've tried many combinations and not been successful.
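Two checks that help with a question like this, as an added example (not OpenLDAP or GSKit code, and not from the poster): decode the GSK_TLS_SIG_ALG_PAIRS string into IANA SignatureScheme names to confirm the ECDSA P-521/SHA-512 entry (0603) is actually offered, and parse a TLS 1.2 CertificateRequest body the way Wireshark shows it, because a client may only present an EC certificate when the server lists ecdsa_sign (64) in certificate_types and an ecdsa_* entry in supported_signature_algorithms. One caveat a practitioner should keep in mind: a TLS 1.3 CertificateRequest has no certificate_types field at all (RFC 8446 section 4.3.2), so a trace that shows "certificate types" is a TLS 1.2 handshake, and the client-auth problem is then a TLS 1.2 CertificateRequest problem. The two CertificateRequest byte strings below are constructed samples, and the hash/signature pair encoding is assumed to be the TLS 1.2 SignatureAndHashAlgorithm layout (first byte hash, second byte signature), which is what the 0806/0805/0804 RSA-PSS values in the post's string are consistent with.

```python
"""Decode a GSK_TLS_SIG_ALG_PAIRS string and parse a TLS 1.2
CertificateRequest body.  Added example, not GSKit or OpenLDAP code."""
import struct

# Subset of the IANA TLS SignatureScheme registry (RFC 8446 4.2.3 plus the
# legacy TLS 1.2 hash/signature pairs of RFC 5246 7.4.1.4.1).
SIG_SCHEMES = {
    0x0201: "rsa_pkcs1_sha1",
    0x0203: "ecdsa_sha1",
    0x0301: "rsa_pkcs1_sha224",
    0x0303: "ecdsa_sha224",
    0x0401: "rsa_pkcs1_sha256",
    0x0403: "ecdsa_secp256r1_sha256",
    0x0501: "rsa_pkcs1_sha384",
    0x0503: "ecdsa_secp384r1_sha384",
    0x0601: "rsa_pkcs1_sha512",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256",
    0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519",
    0x0808: "ed448",
}

# TLS 1.2 ClientCertificateType values (RFC 5246 7.4.4, RFC 4492 5.5).
CERT_TYPES = {
    1: "rsa_sign", 2: "dss_sign", 3: "rsa_fixed_dh", 4: "dss_fixed_dh",
    64: "ecdsa_sign", 65: "rsa_fixed_ecdh", 66: "ecdsa_fixed_ecdh",
}

# The value from the post, copied verbatim.
GSK_TLS_SIG_ALG_PAIRS = "0601050104010301080608050804050304030603"


def decode_sig_alg_pairs(value: str) -> list:
    """Split a GSK_TLS_SIG_ALG_PAIRS string into 16-bit codes and name them.
    Assumes each 4-hex-digit group is hash byte followed by signature byte."""
    value = value.strip()
    if len(value) % 4:
        raise ValueError("expected groups of four hex digits")
    codes = [int(value[i:i + 4], 16) for i in range(0, len(value), 4)]
    return [SIG_SCHEMES.get(c, "unknown_%04x" % c) for c in codes]


def parse_certificate_request(body: bytes) -> dict:
    """Parse a TLS 1.2 CertificateRequest handshake body (RFC 5246 7.4.4):
    certificate_types<1..2^8-1>, supported_signature_algorithms<2..2^16-2>,
    certificate_authorities<0..2^16-1>.  Only TLS 1.2 has certificate_types;
    the TLS 1.3 message is a context plus extensions, so this layout parsing
    at all tells you which protocol version the capture negotiated."""
    n = body[0]
    cert_types = [CERT_TYPES.get(b, "unknown_%d" % b) for b in body[1:1 + n]]
    pos = 1 + n
    (sig_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    sig_algs = []
    for i in range(pos, pos + sig_len, 2):
        (code,) = struct.unpack("!H", body[i:i + 2])
        sig_algs.append(SIG_SCHEMES.get(code, "unknown_%04x" % code))
    pos += sig_len
    (ca_len,) = struct.unpack("!H", body[pos:pos + 2])
    return {
        "certificate_types": cert_types,
        "signature_algorithms": sig_algs,
        "ca_list_bytes": ca_len,
    }


def ecdsa_client_cert_usable(req: dict) -> bool:
    """A client may only answer with an ECDSA certificate when the server
    both lists ecdsa_sign as a certificate type and offers an ecdsa_*
    signature scheme; either one alone is not enough."""
    return ("ecdsa_sign" in req["certificate_types"]
            and any(s.startswith("ecdsa") for s in req["signature_algorithms"]))


# Constructed sample: the situation in the post.  certificate_types
# [rsa_sign, dss_sign], signature algorithms including ECDSA ones, no CAs.
SAMPLE_CERT_REQUEST = bytes.fromhex(
    "020102" "0008" "0601040104030603" "0000")

# Constructed sample of what the server would have to send instead:
# certificate_types [rsa_sign, dss_sign, ecdsa_sign (64 = 0x40)].
SAMPLE_CERT_REQUEST_WITH_ECDSA = bytes.fromhex(
    "03010240" "0008" "0601040104030603" "0000")


if __name__ == "__main__":
    print("GSK_TLS_SIG_ALG_PAIRS offers:", decode_sig_alg_pairs(GSK_TLS_SIG_ALG_PAIRS))
    for label, raw in (("post", SAMPLE_CERT_REQUEST),
                       ("fixed", SAMPLE_CERT_REQUEST_WITH_ECDSA)):
        req = parse_certificate_request(raw)
        print(label, req, "-> ECDSA client cert usable:", ecdsa_client_cert_usable(req))
```

Running it shows that the post's GSK_TLS_SIG_ALG_PAIRS string already contains ecdsa_secp521r1_sha512 (the last entry, 0603), so the signature-scheme list is not what is missing; the constructed "post" CertificateRequest parses to exactly the [rsa_sign, dss_sign] Wireshark showed and fails the usability check only because 64 (ecdsa_sign) is absent from certificate_types.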