TLS 1.2 signature_algorithm Extension

Some of you may be familiar with the TLS 1.2 signature_algorithm extension, and might be curious if wolfSSL supports it. The signature_algorithm extension is found in section RFC5246 (, and is a hello extension of type supported_signature_algorithms. The purpose of this extension is to allow clients to indicate to the server which signature/hash algorithm pairs may be used in digital signatures. If the client supports the default algorithms, the client is not required to send this extension.

wolfSSL supports the default algorithms, and as such, the wolfSSL client does not support this extension. The wolfSSL server will accept this extension if received from a client, but currently doesn’t do anything with the response it receives. This is something that will most likely be added to wolfSSL in the future when more clients and servers start using non-default extension algorithms.

If you have any questions about wolfSSL, or would like more information, please let us know at

Team yaSSL