Certificate selection

The ordered signature algorithm certificate list is sent to the peer when System TLS requests a certificate during the handshake. The peer uses the received list to guide the certificate selection process.

The peer should select a certificate that conforms to the list; however, not all implementations and configurations do so. System TLS treats a received certificate with an undesired signature algorithm as a session error unless optional client authentication is configured. When System TLS receives a client certificate request and is unable to select a conforming certificate, its behavior depends on the TLS protocol version: TLSv1.3 does not send a client certificate, while TLSv1.2 sends an available nonconforming RSA or ECDSA certificate. The peer then determines whether that certificate results in a session error. For more information about System TLS certificate selection logic, see Multiple certificate selection.

System TLS has the infrastructure to support the following certificate signature algorithms:
  • ECDSA_SHA512
  • ECDSA_SHA384
  • ECDSA_SHA256
  • ECDSA_SHA224
  • ECDSA_SHA1
  • RSA_PSS_SHA512
  • RSA_PSS_SHA384
  • RSA_PSS_SHA256
  • RSA_SHA512
  • RSA_SHA384
  • RSA_SHA256
  • RSA_SHA224
  • RSA_SHA1
  • RSA_MD5

Enabled certificate signature algorithms

The System Service Tools (SST) Advanced Analysis command TLSCONFIG identifies the signature algorithms that are enabled for use in certificates on the system. Applications can negotiate secure sessions only with certificates that use the signature algorithms that are listed for TLSCONFIG option supportedSignatureAlgorithmCertificateList.

To determine the current value of the enabled signature algorithm certificate list on the system, use TLSCONFIG option display or the Retrieve TLS Attributes (QsoRtvTLSA) API. If the enabled signature algorithm certificate list must be changed on the system, use TLSCONFIG option supportedSignatureAlgorithmCertificateList to change the value. TLSCONFIG option h displays the help text that describes how to set the signature algorithm certificate list. Only signature algorithm values that are listed in the help text can be added to the list.

Note: The TLSCONFIG supportedSignatureAlgorithmCertificateList setting is reset by installing the Licensed Internal Code (LIC).

Example of setting SHA2 signature algorithms as the supported certificate signature algorithms on the system:

  TLSCONFIG -supportedSignatureAlgorithmCertificateList:36,35,34,16,15,14

System TLS with the latest PTF CUM package installed has the following list of supported certificate signature algorithms:
  • ECDSA_SHA512
  • ECDSA_SHA384
  • ECDSA_SHA256
  • ECDSA_SHA224
  • ECDSA_SHA1
  • RSA_PSS_SHA512
  • RSA_PSS_SHA384
  • RSA_PSS_SHA256
  • RSA_SHA512
  • RSA_SHA384
  • RSA_SHA256
  • RSA_SHA224
  • RSA_SHA1
  • RSA_MD5

Default certificate signature algorithms

When an application does not specify a signature algorithm certificate list, the System TLS default signature algorithm certificate list is used. Applications use this design to pick up new TLS support without requiring application code changes. The default signature algorithm certificate list has no meaning for applications that explicitly specify the signature algorithm certificate list for the application.

The default signature algorithm certificate list on a system is the intersection of the enabled signature algorithm certificate list and the eligible default signature algorithm certificate list. The eligible default signature algorithm certificate list is configured by using TLSCONFIG option defaultSignatureAlgorithmCertificateList.

To determine the current value of the eligible default signature algorithm certificate list on the system, use TLSCONFIG option display or the Retrieve TLS Attributes (QsoRtvTLSA) API.
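The following added example computes the effective default list as the ordered intersection described above, using the shipped lists from this page as embedded sample data. It is not IBM code. It assumes the effective list keeps the order of the eligible default list, that an application-specified list is still gated by the system-wide enabled list (since sessions can only be negotiated with enabled algorithms), and it deliberately does not map the numeric TLSCONFIG values to names, because this page does not give that mapping.

```python
"""Effective signature algorithm certificate list from TLSCONFIG-style settings.

Added example, not IBM code. Sample lists are the shipped lists quoted on
this page; the SHA2-only enabled list below is constructed.
"""
from typing import List, Optional

# Supported (enabled by default) certificate signature algorithms, page order.
SHIPPED_ENABLED_LIST = [
    "ECDSA_SHA512", "ECDSA_SHA384", "ECDSA_SHA256", "ECDSA_SHA224", "ECDSA_SHA1",
    "RSA_PSS_SHA512", "RSA_PSS_SHA384", "RSA_PSS_SHA256",
    "RSA_SHA512", "RSA_SHA384", "RSA_SHA256", "RSA_SHA224", "RSA_SHA1", "RSA_MD5",
]

# Shipped eligible default certificate signature algorithm list, page order.
SHIPPED_ELIGIBLE_DEFAULT_LIST = [
    "ECDSA_SHA512", "ECDSA_SHA384", "ECDSA_SHA256",
    "RSA_PSS_SHA512", "RSA_PSS_SHA384", "RSA_PSS_SHA256",
    "RSA_SHA512", "RSA_SHA384", "RSA_SHA256",
]


def validate_list(values: List[str]) -> List[str]:
    """Reject names that are not in the supported set (mirrors the rule that
    only values listed in the TLSCONFIG help text may be added)."""
    unknown = [v for v in values if v not in SHIPPED_ENABLED_LIST]
    if unknown:
        raise ValueError(f"not a supported certificate signature algorithm: {unknown}")
    return list(values)


def effective_default_list(enabled: List[str], eligible_default: List[str]) -> List[str]:
    """Default list = enabled list ∩ eligible default list.
    Assumption: result keeps the order of the eligible default list."""
    enabled_set = set(validate_list(enabled))
    return [alg for alg in validate_list(eligible_default) if alg in enabled_set]


def list_for_application(enabled: List[str], eligible_default: List[str],
                         app_list: Optional[List[str]] = None) -> List[str]:
    """List an application ends up with: its own explicit list when it gives
    one (the default list then has no meaning), else the system default.
    Assumption: an explicit list is still filtered by the enabled list."""
    if app_list is None:
        return effective_default_list(enabled, eligible_default)
    enabled_set = set(validate_list(enabled))
    return [alg for alg in validate_list(app_list) if alg in enabled_set]


# Constructed: an administrator has restricted the enabled list to SHA2 only.
SHA2_ONLY_ENABLED = [
    "ECDSA_SHA512", "ECDSA_SHA384", "ECDSA_SHA256",
    "RSA_SHA512", "RSA_SHA384", "RSA_SHA256",
]

if __name__ == "__main__":
    print("shipped default:", effective_default_list(SHIPPED_ENABLED_LIST, SHIPPED_ELIGIBLE_DEFAULT_LIST))
    print("SHA2-only default:", effective_default_list(SHA2_ONLY_ENABLED, SHIPPED_ELIGIBLE_DEFAULT_LIST))
    print("explicit app list:", list_for_application(SHA2_ONLY_ENABLED, SHIPPED_ELIGIBLE_DEFAULT_LIST,
                                                     ["RSA_SHA1", "RSA_SHA256"]))
```

With the shipped settings the effective default is exactly the nine-entry list quoted on this page; once the enabled list is narrowed, the PSS entries drop out of the default even though the eligible default list still names them, which is the intersection rule in action.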

Consider changing the default signature algorithm certificate settings only when no other configuration setting allows an application to interoperate with peers successfully. It is preferred to enable an older signature algorithm for only the specific application that requires it. When the application has an “application definition,” this enablement is accomplished through the Digital Certificate Manager (DCM).

If the default signature algorithm certificate list must be changed on the system, use TLSCONFIG option defaultSignatureAlgorithmCertificateList to change the value. TLSCONFIG option h displays the help text that describes how to set the signature algorithm certificate list. Only signature algorithm values that are listed in the help text can be added to the list.

Note: The TLSCONFIG defaultSignatureAlgorithmCertificateList setting is reset by installing the Licensed Internal Code (LIC).

Example of setting the ECDSA signature algorithms as the default signature algorithms allowed for certificates on the system:

  TLSCONFIG -defaultSignatureAlgorithmCertificateList:36,35,34

The following displays the order of the shipped default signature algorithm certificate list with the latest PTF CUM package installed:
  • ECDSA_SHA512
  • ECDSA_SHA384
  • ECDSA_SHA256
  • RSA_PSS_SHA512
  • RSA_PSS_SHA384
  • RSA_PSS_SHA256
  • RSA_SHA512
  • RSA_SHA384
  • RSA_SHA256