Latest release 7.7.0 mentions fixing TLS CertificateVerify - when was this broken? can you tell me more?

Question

I have a customer where our Client process connects to a server that require Certificate Verify. This client works with an old version of EDT, but with EDT v7.2.3 the client logon fails, possibly due to Certificate Verify issues. Can you tell me more about the fix in 7.7.0?

Please respond to Susan.Raye@Data443.com

Answer 1

It's a bit hard to explain, but it's a bug in the TLS 1.2 implementation specific to SHA256 and SHA384 cipher suites. It's getting the message digests wrong, and that's causing the CertificateVerify message in TLS to fail.