Clarify PSS sigalg entry
If my understanding is correct (to be confirmed in review), this is a new
feature which was not particularly desired on its own but was the simplest
way to fix an interoperability issue in TLS 1.2 caused accidentally by
the work on TLS 1.3.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt b/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt
index f88eb9e..c87c3fb 100644
--- a/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt
+++ b/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt
@@ -1,8 +1,8 @@
Features
- * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate
- declaring an RSA public key and Mbed TLS is configured in hybrid mode, if
- `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then
- the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
- for its signature in the key exchange message. As Mbed TLS 1.2 does not
- support them, the handshake fails. Add `rsa_pss_rsae_*` support for TLS 1.2
- to resolve the compitablity issue.
+ * Support rsa_pss_rsae_* signature algorithms in TLS 1.2.
+Bugfix
+ * Fix an interoperability failure between an Mbed TLS client with both
+ TLS 1.2 and TLS 1.3 support, and a TLS 1.2 server such as GnuTLS or
+ OpenSSL that supports rsa_pss_rsae_* signature algorithms. This failed
+ because Mbed TLS supported PSS only in TLS 1.3, but advertised support
+ in TLS 1.2 as well.