ssl: Improve handling of signature algorithms

TLS 1.2 ClientHello caused handshake failure in the TLS 1.2 server
if the signature_algorithms_cert extension contained legacy algorithms.

Update TLS 1.2 server to properly handle legacy signature algorithms
in the signature_algorithms_cert extension.

Update TLS 1.3 client so that it can send legacy algorithms in its
signature_algorithms_cert extension.

1 files changed, 20 insertions, 2 deletions

diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index 27cd5765e5..f7c8c770ae 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -606,8 +606,26 @@ signature_schemes(Version, SignatureSchemes) when is_tuple(Version)
                           Acc
                   end;
               %% Special clause for filtering out the legacy hash-sign tuples.
-              (_ , Acc) ->
-                  Acc
+              ({Hash, dsa = Sign} = Alg, Acc) ->
+                  case proplists:get_bool(dss, PubKeys)
+                      andalso proplists:get_bool(Hash, Hashes)
+                      andalso is_pair(Hash, Sign, Hashes)
+                  of
+                      true ->
+                          [Alg | Acc];
+                      false ->
+                          Acc
+                  end;
+              ({Hash, Sign} = Alg, Acc) ->
+                  case proplists:get_bool(Sign, PubKeys)
+                      andalso proplists:get_bool(Hash, Hashes)
+                      andalso is_pair(Hash, Sign, Hashes)
+                  of
+                      true ->
+                          [Alg | Acc];
+                      false ->
+                          Acc
+                  end
           end,
     Supported = lists:foldl(Fun, [], SignatureSchemes),
     lists:reverse(Supported);