commit | 320da8d149bda0f5217444faac19abedfddf30f2 | [log] [tgz] |
---|---|---|
author | Filippo Valsorda <filippo@golang.org> | Tue Feb 19 15:58:06 2019 -0500 |
committer | Filippo Valsorda <filippo@golang.org> | Thu Feb 21 16:55:18 2019 +0000 |
tree | e1e53a7e339bb254a10690e1e6d2c0ea87ef6475 | |
parent | b840ae1e16f95687a8379c49cab0bd94bd839b6f [diff] |
[release-branch.go1.12] crypto/tls: don't select RSA-PSS for client certificates in TLS 1.2 In https://golang.org/cl/160998, RSA-PSS was disabled for (most of) TLS 1.2. One place where we can't disable it is in a Client Hello which offers both TLS 1.2 and 1.3: RSA-PSS is required by TLS 1.3, so to offer TLS 1.3 we need to offer RSA-PSS, even if the server might select TLS 1.2. The good news is that we want to disable RSA-PSS mostly when we are the signing side, as that's where broken crypto.Signer implementations will bite us. So we can announce RSA-PSS in the Client Hello, tolerate the server picking TLS 1.2 and RSA-PSS for their signatures, but still not do RSA-PSS on our side if asked to provide a client certificate. Client-TLSv12-ClientCert-RSA-PSS-Disabled changed because it was indeed actually using RSA-PSS. Updates #30055 Change-Id: I5ecade744b666433b37847abf55e1f08089b21d4 Reviewed-on: https://go-review.googlesource.com/c/163039 Reviewed-by: Andrew Bonventre <andybons@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
Gopher image by Renee French, licensed under Creative Commons 3.0 Attributions license.
Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Official binary distributions are available at https://golang.org/dl/.
After downloading a binary release, visit https://golang.org/doc/install or load doc/install.html in your web browser for installation instructions.
If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source or load doc/install-source.html in your web browser for source installation instructions.
Go is the work of thousands of contributors. We appreciate your help!
To contribute, please read the contribution guidelines: https://golang.org/doc/contribute.html
Note that the Go project uses the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.