|author||Filippo Valsorda <firstname.lastname@example.org>||Tue Feb 19 15:58:06 2019 -0500|
|committer||Filippo Valsorda <email@example.com>||Thu Feb 21 16:55:18 2019 +0000|
[release-branch.go1.12] crypto/tls: don't select RSA-PSS for client certificates in TLS 1.2 In https://golang.org/cl/160998, RSA-PSS was disabled for (most of) TLS 1.2. One place where we can't disable it is in a Client Hello which offers both TLS 1.2 and 1.3: RSA-PSS is required by TLS 1.3, so to offer TLS 1.3 we need to offer RSA-PSS, even if the server might select TLS 1.2. The good news is that we want to disable RSA-PSS mostly when we are the signing side, as that's where broken crypto.Signer implementations will bite us. So we can announce RSA-PSS in the Client Hello, tolerate the server picking TLS 1.2 and RSA-PSS for their signatures, but still not do RSA-PSS on our side if asked to provide a client certificate. Client-TLSv12-ClientCert-RSA-PSS-Disabled changed because it was indeed actually using RSA-PSS. Updates #30055 Change-Id: I5ecade744b666433b37847abf55e1f08089b21d4 Reviewed-on: https://go-review.googlesource.com/c/163039 Reviewed-by: Andrew Bonventre <firstname.lastname@example.org> Reviewed-by: Adam Langley <email@example.com>
Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Official binary distributions are available at https://golang.org/dl/.
If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source or load doc/install-source.html in your web browser for source installation instructions.
Go is the work of thousands of contributors. We appreciate your help!
To contribute, please read the contribution guidelines: https://golang.org/doc/contribute.html
Note that the Go project uses the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.