Topic: Customizing Signature Algorithms in Client hello - Python

I have been trying to use wolfSSL and am writing a Python-based wolfSSL TLS client using the APIs in https://wolfssl.github.io/wolfssl-py/

Everything works great. But I would like to customize the client hello for a specific test that I want to run against a server. For this, I need to disable all the default TLS extensions added by the wolfSSL library. For example, I don't want all the "Signature Algorithms" and would like to customize it like I can customize or define what ciphers I want to negotiate. Is this possible?

I also don't want the elliptic curve extension or ec_point_formats. Is this possible with the Python APIs? (TLSX_SIGNATURE_ALGORITHMS)


Re: Customizing Signature Algorithms in Client hello - Python

Hi sidsinhad,

Signature algorithm extensions will not be sent if you can use a PSK cipher suite. There is no runtime option to disable the signature algorithms extensions completely with non-PSK cipher suites. You can, though, disable some at build time with --disable-rsa (turns off all RSA ones), --disable-ecc (turns off all ECC ones), --disable-sha512 (turns off all SHA-512 ones) and --disable-sha (disables all SHA-1 ones).

To disable the ec curve extensions wolfSSL can be compiled with --disable-supportedcurves.

Regards,
Jacob
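
One way to confirm the effect of a rebuild or a PSK-only suite list is to parse a captured ClientHello and check whether the three extensions from this thread are still in it. This is an added example, not part of the original posts and not wolfSSL code; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Extension numbers from the IANA TLS ExtensionType registry.
EXT_NAMES = {10: "supported_groups", 11: "ec_point_formats", 13: "signature_algorithms"}

def client_hello_extensions(record: bytes) -> dict:
    """Map extension type -> raw data for one TLS record holding a whole ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("ClientHello is truncated or spans several records")
    try:
        pos = 2 + 32                                          # legacy_version + random
        pos += 1 + hello[pos]                                 # session_id
        pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + hello[pos]                                 # compression_methods
    except IndexError:
        raise ValueError("malformed ClientHello") from None
    exts = {}
    if pos >= len(hello):                                     # no extensions block
        return exts
    end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(hello)):
        etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
        exts[etype] = hello[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts

def unwanted_extensions(record: bytes, unwanted=(10, 11, 13)) -> list:
    """Names of the extensions discussed in the thread that the ClientHello still sends."""
    present = client_hello_extensions(record)
    return sorted(EXT_NAMES[t] for t in unwanted if t in present)

def build_sample_hello(ext_types) -> bytes:
    """Constructed ClientHello record for the demo; not a capture from wolfSSL."""
    # Each extension gets a 2-byte placeholder body; the suite value is a constructed sample.
    exts = b"".join(struct.pack("!HH", t, 2) + b"\x00\x00" for t in ext_types)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\xae" + b"\x01\x00"
    if ext_types:
        hello += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(unwanted_extensions(build_sample_hello([10, 11, 13, 23])))  # all three present
    print(unwanted_extensions(build_sample_hello([23])))              # none of them present
```

To use it on real traffic, pass the raw bytes of the first TLS record the client sends, for example exported from a packet capture.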
