From f984402cef930d31182873d3ff6cc6b3cda17f9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Thu, 23 May 2019 16:46:17 +0200
Subject: ssl: Update standards compliance

---
 lib/ssl/doc/src/standards_compliance.xml | 357 ++++++++++++++++---------------
 1 file changed, 182 insertions(+), 175 deletions(-)

(limited to 'lib')

diff --git a/lib/ssl/doc/src/standards_compliance.xml b/lib/ssl/doc/src/standards_compliance.xml
index ca98385f85..650fcec920 100644
--- a/lib/ssl/doc/src/standards_compliance.xml
+++ b/lib/ssl/doc/src/standards_compliance.xml
@@ -126,7 +126,7 @@
 
   <section>
     <title>TLS 1.3</title>
-    <p>OTP-22 introduces basic support for TLS 1.3 on the server side. Basic functionality
+    <p>OTP-22 introduces basic support for TLS 1.3. Basic functionality
     covers a simple TLS 1.3 handshake with support of the mandatory extensions
     (supported_groups, signature_algorithms, key_share, supported_versions and
     signature_algorithms_cert). The server supports a selective set of cryptographic algorithms:</p>
@@ -147,8 +147,6 @@
     </list>
     <p>For more detailed information see the
     <seealso marker="#soc_table">Standards Compliance</seealso> below.</p>
-    <warning><p>Note that the client side is not yet functional. It is planned to be released
-    later in OTP-22.</p></warning>
 
     <p> The following table describes the current state of standards compliance for TLS 1.3.</p>
     <p>(<em>C</em> = Compliant, <em>NC</em> = Non-Compliant, <em>PC</em> = Partially-Compliant,
@@ -176,25 +174,25 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">Version downgrade protection mechanism</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">RSASSA-PSS signature schemes</cell>
 	<cell align="left" valign="middle"><em>PC</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">supported_versions (ClientHello) extension</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">signature_algorithms_cert extension</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
 
       <row>
@@ -211,7 +209,7 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">(EC)DHE</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -295,8 +293,8 @@
 	  </url>
 	</cell>
         <cell align="left" valign="middle"><em>Client</em></cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>PC</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
      <row>
         <cell align="left" valign="middle"></cell>
@@ -319,14 +317,14 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">supported_groups (RFC7919)</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">signature_algorithms (RFC8446)</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -373,8 +371,8 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">key_share (RFC8446)</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -403,8 +401,8 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">supported_versions (RFC8446)</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -427,8 +425,8 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">signature_algorithms_cert (RFC8446)</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
 
       <row>
@@ -459,13 +457,13 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">supported_groups (RFC7919)</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">signature_algorithms (RFC8446)</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -513,7 +511,7 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">key_share (RFC8446)</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -543,7 +541,7 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">supported_versions (RFC8446)</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -567,7 +565,7 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">signature_algorithms_cert (RFC8446)</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
 
       <row>
@@ -577,20 +575,20 @@
 	  </url>
 	</cell>
         <cell align="left" valign="middle"><em>Client</em></cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>PC</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">Version downgrade protection</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">key_share (RFC8446)</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -601,8 +599,8 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">supported_versions (RFC8446)</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
 
       <row>
@@ -615,13 +613,13 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">Version downgrade protection</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">key_share (RFC8446)</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -633,7 +631,7 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">supported_versions (RFC8446)</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
 
       <row>
@@ -650,7 +648,7 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">key_share (RFC8446)</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -662,7 +660,7 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">supported_versions (RFC8446)</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
 
       <row>
@@ -672,8 +670,8 @@
 	  </url>
 	</cell>
         <cell align="left" valign="middle"><em>Client</em></cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -706,26 +704,26 @@
 	  </url>
 	</cell>
         <cell align="left" valign="middle"><em>Client</em></cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>PC</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pkcs1_sha256</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pkcs1_sha384</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pkcs1_sha512</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -748,20 +746,20 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pss_rsae_sha256</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pss_rsae_sha384</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pss_rsae_sha512</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -796,14 +794,14 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pkcs1_sha1</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">ecdsa_sha1</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
 
       <row>
@@ -816,19 +814,19 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pkcs1_sha256</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pkcs1_sha384</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pkcs1_sha512</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -852,19 +850,19 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pss_rsae_sha256</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pss_rsae_sha384</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pss_rsae_sha512</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -900,13 +898,13 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">rsa_pkcs1_sha1</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">ecdsa_sha1</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
 
       <row>
@@ -973,62 +971,62 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">secp256r1</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">secp384r1</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">secp521r1</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">x25519</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">x448</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">ffdhe2048</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">ffdhe3072</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">ffdhe4096</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">ffdhe6144</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">ffdhe8192</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
 
       <row>
@@ -1105,8 +1103,8 @@
 	  </url>
 	</cell>
         <cell align="left" valign="middle"><em>Client</em></cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -1224,8 +1222,8 @@
 	  </url>
 	</cell>
         <cell align="left" valign="middle"><em>Client</em></cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>PC</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -1362,8 +1360,8 @@
 	  </url>
 	</cell>
         <cell align="left" valign="middle"><em>Client</em></cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>PC</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -1374,8 +1372,8 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">signature_algorithms (RFC8446)</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -1398,8 +1396,8 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">signature_algorithms_cert (RFC8446)</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
 
       <row>
@@ -1417,8 +1415,8 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">signature_algorithms (RFC8446)</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -1441,8 +1439,8 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">signature_algorithms_cert (RFC8446)</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
 
       <row>
@@ -1463,8 +1461,8 @@
 	  </url>
 	</cell>
         <cell align="left" valign="middle"><em>Client</em></cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>PC</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -1521,73 +1519,82 @@
 	    4.4.2.2. Server Certificate Selection
 	  </url>
 	</cell>
-        <cell align="left" valign="middle"><em>Client</em></cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"><em></em></cell>
+        <cell align="left" valign="middle"><em></em></cell>
+	<cell align="left" valign="middle"><em>PC</em></cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
-        <cell align="left" valign="middle">certificate type MUST be X.509v3</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"><em></em></cell>
+        <cell align="left" valign="middle">The certificate type MUST be X.509v3, unless explicitly
+	negotiated otherwise</cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
-        <cell align="left" valign="middle">certificate's public key is compatible</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"><em></em></cell>
+        <cell align="left" valign="middle">The server's end-entity certificate's public key (and associated
+	restrictions) MUST be compatible with the selected authentication
+	algorithm from the client's "signature_algorithms" extension
+	(currently RSA, ECDSA, or EdDSA).</cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
-        <cell align="left" valign="middle">The certificate MUST allow the key to be used for signing</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"><em></em></cell>
+        <cell align="left" valign="middle">The certificate MUST allow the key to be used for signing
+	with a signature scheme indicated in the client's "signature_algorithms"/"signature_algorithms_cert"
+	extensions</cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
-        <cell align="left" valign="middle">server_name and certificate_authorities are used</cell>
+        <cell align="left" valign="middle">The "server_name" and "certificate_authorities"
+	extensions are used to guide certificate selection.  As servers
+	MAY require the presence of the "server_name" extension, clients
+	SHOULD send this extension, when applicable.</cell>
 	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"><em></em></cell>
+	<cell align="left" valign="middle"></cell>
       </row>
 
       <row>
-        <cell align="left" valign="middle"></cell>
-        <cell align="left" valign="middle"><em>Server</em></cell>
+        <cell align="left" valign="middle">
+	  <url href="https://tools.ietf.org/html/rfc8446#section-4.4.2.3">
+	    4.4.2.3. Client Certificate Selection
+	  </url>
+	</cell>
+        <cell align="left" valign="middle"><em></em></cell>
 	<cell align="left" valign="middle"><em>PC</em></cell>
-	<cell align="left" valign="middle"><em></em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
-        <cell align="left" valign="middle">certificate type MUST be X.509v3</cell>
+        <cell align="left" valign="middle">The certificate type MUST be X.509v3, unless explicitly
+	negotiated otherwise</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle"><em>22</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
-        <cell align="left" valign="middle">certificate's public key is compatible</cell>
-	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle"><em>22</em></cell>
+        <cell align="left" valign="middle">If the "certificate_authorities" extension in the
+	CertificateRequest message was present, at least one of the
+	certificates in the certificate chain SHOULD be issued by one of
+	the listed CAs.</cell>
+	<cell align="left" valign="middle"><em>NC</em></cell>
+	<cell align="left" valign="middle"><em></em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
-        <cell align="left" valign="middle">The certificate MUST allow the key to be used for signing</cell>
+        <cell align="left" valign="middle">The certificates MUST be signed using an acceptable signature
+	algorithm</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle"><em>22</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
-        <cell align="left" valign="middle">server_name and certificate_authorities are used</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
-      </row>
-
-      <row>
-        <cell align="left" valign="middle">
-	  <url href="https://tools.ietf.org/html/rfc8446#section-4.4.2.3">
-	    4.4.2.3. Client Certificate Selection
-	  </url>
-	</cell>
-        <cell align="left" valign="middle"><em></em></cell>
+        <cell align="left" valign="middle">If the CertificateRequest message contained a non-empty
+	"oid_filters" extension, the end-entity certificate MUST match the
+	extension OIDs that are recognized by the client</cell>
 	<cell align="left" valign="middle"><em>NC</em></cell>
 	<cell align="left" valign="middle"><em></em></cell>
       </row>
@@ -1599,8 +1606,8 @@
 	  </url>
 	</cell>
         <cell align="left" valign="middle"><em>Client</em></cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -1616,8 +1623,8 @@
 	  </url>
 	</cell>
         <cell align="left" valign="middle"><em>Client</em></cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -1633,8 +1640,8 @@
 	  </url>
 	</cell>
         <cell align="left" valign="middle"><em>Client</em></cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -1738,25 +1745,25 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">MUST NOT be interleaved with other record types</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">MUST NOT span key changes</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">MUST NOT send zero-length fragments</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">Alert messages MUST NOT be fragmented</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
 
       <row>
@@ -1807,7 +1814,7 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">The padding sent is automatically verified</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
 
       <row>
@@ -1957,19 +1964,19 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">MUST implement the TLS_AES_128_GCM_SHA256</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">SHOULD implement the TLS_AES_256_GCM_SHA384</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">SHOULD implement the TLS_CHACHA20_POLY1305_SHA256</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
 
       <row>
@@ -1982,13 +1989,13 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">MUST support rsa_pkcs1_sha256 (for certificates)</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">MUST support rsa_pss_rsae_sha256 (for CertificateVerify and certificates)</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -2007,13 +2014,13 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">MUST support key exchange with secp256r1</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">SHOULD support key exchange with X25519</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
 
       <row>
@@ -2030,7 +2037,7 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">Supported Versions</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -2042,25 +2049,25 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">Signature Algorithms</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">Signature Algorithms Certificate</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">Negotiated Groups</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">Key Share</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -2072,32 +2079,32 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle"><em>MUST send and use these extensions</em></cell>
-	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>PC</em></cell>
 	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">"supported_versions" is REQUIRED for ClientHello, ServerHello and HelloRetryRequest</cell>
-	<cell align="left" valign="middle"><em>PC</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">"signature_algorithms" is REQUIRED for certificate authentication</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">"supported_groups" is REQUIRED for ClientHello messages using (EC)DHE key exchange</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">"key_share" is REQUIRED for (EC)DHE key exchange</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -2115,8 +2122,8 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle"><em>TLS 1.3 ClientHello</em></cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"><em></em></cell>
+	<cell align="left" valign="middle"><em>PC</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
@@ -2127,8 +2134,8 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">If containing a "supported_groups" extension, it MUST also contain a "key_share" extension, and vice versa.  An empty KeyShare.client_shares vector is permitted.</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle"><em>22.1</em></cell>
       </row>
 
       <row>
@@ -2193,25 +2200,25 @@
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">TLS_AES_128_GCM_SHA256</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">TLS_AES_256_GCM_SHA384</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">TLS_CHACHA20_POLY1305_SHA256</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">TLS_AES_128_CCM_SHA256</cell>
 	<cell align="left" valign="middle"><em>C</em></cell>
-	<cell align="left" valign="middle">22</cell>
+	<cell align="left" valign="middle"><em>22</em></cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
-- 
cgit v1.2.3