crypto/tls: disable RSA-PSS in TLS 1.2

Most of the issues that led to the decision on #30055 were related to incompatibility with or faulty support for RSA-PSS (#29831, #29779, v1.5 signatures). RSA-PSS is required by TLS 1.3, but is also available to be negotiated in TLS 1.2. Altering TLS 1.2 behavior based on GODEBUG=tls13=1 feels surprising, so just disable RSA-PSS entirely in TLS 1.2 until TLS 1.3 is on by default, so breakage happens all at once. Updates #30055 Change-Id: Iee90454a20ded8895e5302e8bcbcd32e4e3031c2 Reviewed-on: https://go-review.googlesource.com/c/160998 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>

crypto/tls: disable RSA-PSS in TLS 1.2
Most of the issues that led to the decision on #30055 were related to incompatibility with or faulty support for RSA-PSS (#29831, #29779, v1.5 signatures). RSA-PSS is required by TLS 1.3, but is also available to be negotiated in TLS 1.2. Altering TLS 1.2 behavior based on GODEBUG=tls13=1 feels surprising, so just disable RSA-PSS entirely in TLS 1.2 until TLS 1.3 is on by default, so breakage happens all at once. Updates #30055 Change-Id: Iee90454a20ded8895e5302e8bcbcd32e4e3031c2 Reviewed-on: https://go-review.googlesource.com/c/160998 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
7ccd3583 · Filippo Valsorda · 5d9bc608 · 7ccd3583 · 7ccd3583 · 7ccd3583
Commit 7ccd3583 authored Feb 05, 2019 by Filippo Valsorda
16 changed files
--- a/doc/go1.12.html
+++ b/doc/go1.12.html
@@ -406,7 +406,8 @@ for {
  and renegotiation are available in TLS 1.3 and provide equivalent or
  better security and performance. Note that even though TLS 1.3 is backwards
  compatible with previous versions, certain legacy systems might not work
-  correctly when attempting to negotiate it.
+  correctly when attempting to negotiate it. RSA certificate keys too small
+  to be secure (including 512-bit keys) will not work with TLS 1.3.
 </p>

 <p>
@@ -500,13 +501,6 @@ for {

 <dl id="crypto/tls"><dt><a href="/pkg/crypto/tls/">crypto/tls</a></dt>
  <dd>
-    <p><!-- CL 146258 -->
-      TLS 1.2 clients and servers will now advertise and accept RSA-PSS
-      signature algorithms for use with regular RSA public keys. Certain
-      insecure certificate keys (including 512-bit RSA keys) will
-      now cause a handshake failure if RSA-PSS is selected.
-    </p>
-
    <p><!-- CL 143177 -->
      If a client sends an initial message that does not look like TLS, the server
      will no longer reply with an alert, and it will expose the underlying

--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -161,7 +161,7 @@ const (
 )

 // supportedSignatureAlgorithms contains the signature and hash algorithms that
-// the code advertises as supported in a TLS 1.2 ClientHello and in a TLS 1.2
+// the code advertises as supported in a TLS 1.2+ ClientHello and in a TLS 1.2+
 // CertificateRequest. The two fields are merged to match with TLS 1.3.
 // Note that in TLS 1.2, the ECDSA algorithms are not constrained to P-256, etc.
 var supportedSignatureAlgorithms = []SignatureScheme{
@@ -178,6 +178,9 @@ var supportedSignatureAlgorithms = []SignatureScheme{
 	ECDSAWithSHA1,
 }

+// RSA-PSS is disabled in TLS 1.2 for Go 1.12. See Issue 30055.
+var supportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithms[3:]
+
 // helloRetryRequestRandom is set as the Random value of a ServerHello
 // to signal that the message is actually a HelloRetryRequest.
 var helloRetryRequestRandom = []byte{ // See RFC 8446, Section 4.1.3.

--- a/src/crypto/tls/conn_test.go
+++ b/src/crypto/tls/conn_test.go
@@ -142,6 +142,7 @@ func runDynamicRecordSizingTest(t *testing.T, config *Config) {

 	handshakeDone := make(chan struct{})
 	recordSizesChan := make(chan []int, 1)
+	defer func() { <-recordSizesChan }() // wait for the goroutine to exit
 	go func() {
 		// This goroutine performs a TLS handshake over clientConn and
 		// then reads TLS records until EOF. It writes a slice that

--- a/src/crypto/tls/handshake_client_test.go
+++ b/src/crypto/tls/handshake_client_test.go
@@ -855,6 +855,30 @@ func TestHandshakeClientCertRSAPKCS1v15(t *testing.T) {
 	runClientTestTLS12(t, test)
 }

+func TestHandshakeClientCertPSSDisabled(t *testing.T) {
+	config := testConfig.Clone()
+	cert, _ := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM))
+	config.Certificates = []Certificate{cert}
+
+	test := &clientTest{
+		name:   "ClientCert-RSA-PSS-Disabled",
+		args:   []string{"-cipher", "AES128", "-Verify", "1"},
+		config: config,
+	}
+
+	// Restore the default signature algorithms, disabling RSA-PSS in TLS 1.2,
+	// and check that handshakes still work.
+	testSupportedSignatureAlgorithmsTLS12 := supportedSignatureAlgorithmsTLS12
+	defer func() { supportedSignatureAlgorithmsTLS12 = testSupportedSignatureAlgorithmsTLS12 }()
+	supportedSignatureAlgorithmsTLS12 = savedSupportedSignatureAlgorithmsTLS12
+
+	// Use t.Run to ensure the defer runs after all parallel tests end.
+	t.Run("", func(t *testing.T) {
+		runClientTestTLS12(t, test)
+		runClientTestTLS13(t, test)
+	})
+}
+
 func TestClientKeyUpdate(t *testing.T) {
 	test := &clientTest{
 		name:          "KeyUpdate",

--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -463,7 +463,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 		}
 		if c.vers >= VersionTLS12 {
 			certReq.hasSignatureAlgorithm = true
-			certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms
+			certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithmsTLS12
 		}

 		// An empty list of certificateAuthorities signals to
@@ -559,7 +559,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 		}

 		// Determine the signature type.
-		_, sigType, hashFunc, err := pickSignatureAlgorithm(pub, []SignatureScheme{certVerify.signatureAlgorithm}, supportedSignatureAlgorithms, c.vers)
+		_, sigType, hashFunc, err := pickSignatureAlgorithm(pub, []SignatureScheme{certVerify.signatureAlgorithm}, supportedSignatureAlgorithmsTLS12, c.vers)
 		if err != nil {
 			c.sendAlert(alertIllegalParameter)
 			return err

--- a/src/crypto/tls/handshake_server_test.go
+++ b/src/crypto/tls/handshake_server_test.go
@@ -1211,6 +1211,33 @@ func TestHandshakeServerRSAPSS(t *testing.T) {
 	runServerTestTLS13(t, test)
 }

+func TestHandshakeServerPSSDisabled(t *testing.T) {
+	test := &serverTest{
+		name:    "RSA-PSS-Disabled",
+		command: []string{"openssl", "s_client", "-no_ticket"},
+		wait:    true,
+	}
+
+	// Restore the default signature algorithms, disabling RSA-PSS in TLS 1.2,
+	// and check that handshakes still work.
+	testSupportedSignatureAlgorithmsTLS12 := supportedSignatureAlgorithmsTLS12
+	defer func() { supportedSignatureAlgorithmsTLS12 = testSupportedSignatureAlgorithmsTLS12 }()
+	supportedSignatureAlgorithmsTLS12 = savedSupportedSignatureAlgorithmsTLS12
+
+	runServerTestTLS12(t, test)
+	runServerTestTLS13(t, test)
+
+	test = &serverTest{
+		name:    "RSA-PSS-Disabled-Required",
+		command: []string{"openssl", "s_client", "-no_ticket", "-sigalgs", "rsa_pss_rsae_sha256"},
+		wait:    true,
+
+		expectHandshakeErrorIncluding: "peer doesn't support any common signature algorithms",
+	}
+
+	runServerTestTLS12(t, test)
+}
+
 func benchmarkHandshakeServer(b *testing.B, version uint16, cipherSuite uint16, curve CurveID, cert []byte, key crypto.PrivateKey) {
 	config := testConfig.Clone()
 	config.CipherSuites = []uint16{cipherSuite}
@@ -1390,49 +1417,82 @@ func TestClientAuth(t *testing.T) {
 		defer os.Remove(ecdsaCertPath)
 		ecdsaKeyPath = tempFile(clientECDSAKeyPEM)
 		defer os.Remove(ecdsaKeyPath)
-	} else {
-		t.Parallel()
 	}

-	config := testConfig.Clone()
-	config.ClientAuth = RequestClientCert
+	t.Run("Normal", func(t *testing.T) {
+		config := testConfig.Clone()
+		config.ClientAuth = RequestClientCert

-	test := &serverTest{
-		name:    "ClientAuthRequestedNotGiven",
-		command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"},
-		config:  config,
-	}
-	runServerTestTLS12(t, test)
-	runServerTestTLS13(t, test)
+		test := &serverTest{
+			name:    "ClientAuthRequestedNotGiven",
+			command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"},
+			config:  config,
+		}
+		runServerTestTLS12(t, test)
+		runServerTestTLS13(t, test)

-	test = &serverTest{
-		name: "ClientAuthRequestedAndGiven",
-		command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
-			"-cert", certPath, "-key", keyPath, "-sigalgs", "rsa_pss_rsae_sha256"},
-		config:            config,
-		expectedPeerCerts: []string{clientCertificatePEM},
-	}
-	runServerTestTLS12(t, test)
-	runServerTestTLS13(t, test)
+		config.ClientAuth = RequireAnyClientCert

-	test = &serverTest{
-		name: "ClientAuthRequestedAndECDSAGiven",
-		command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
-			"-cert", ecdsaCertPath, "-key", ecdsaKeyPath},
-		config:            config,
-		expectedPeerCerts: []string{clientECDSACertificatePEM},
-	}
-	runServerTestTLS12(t, test)
-	runServerTestTLS13(t, test)
+		test = &serverTest{
+			name: "ClientAuthRequestedAndGiven",
+			command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
+				"-cert", certPath, "-key", keyPath, "-sigalgs", "rsa_pss_rsae_sha256"},
+			config:            config,
+			expectedPeerCerts: []string{clientCertificatePEM},
+		}
+		runServerTestTLS12(t, test)
+		runServerTestTLS13(t, test)
+
+		test = &serverTest{
+			name: "ClientAuthRequestedAndECDSAGiven",
+			command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
+				"-cert", ecdsaCertPath, "-key", ecdsaKeyPath},
+			config:            config,
+			expectedPeerCerts: []string{clientECDSACertificatePEM},
+		}
+		runServerTestTLS12(t, test)
+		runServerTestTLS13(t, test)
+
+		test = &serverTest{
+			name: "ClientAuthRequestedAndPKCS1v15Given",
+			command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
+				"-cert", certPath, "-key", keyPath, "-sigalgs", "rsa_pkcs1_sha256"},
+			config:            config,
+			expectedPeerCerts: []string{clientCertificatePEM},
+		}
+		runServerTestTLS12(t, test)
+	})

-	test = &serverTest{
-		name: "ClientAuthRequestedAndPKCS1v15Given",
-		command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
-			"-cert", certPath, "-key", keyPath, "-sigalgs", "rsa_pkcs1_sha256"},
-		config:            config,
-		expectedPeerCerts: []string{clientCertificatePEM},
-	}
-	runServerTestTLS12(t, test)
+	// Restore the default signature algorithms, disabling RSA-PSS in TLS 1.2,
+	// and check that handshakes still work.
+	testSupportedSignatureAlgorithmsTLS12 := supportedSignatureAlgorithmsTLS12
+	defer func() { supportedSignatureAlgorithmsTLS12 = testSupportedSignatureAlgorithmsTLS12 }()
+	supportedSignatureAlgorithmsTLS12 = savedSupportedSignatureAlgorithmsTLS12
+
+	t.Run("PSSDisabled", func(t *testing.T) {
+		config := testConfig.Clone()
+		config.ClientAuth = RequireAnyClientCert
+
+		test := &serverTest{
+			name: "ClientAuthRequestedAndGiven-PSS-Disabled",
+			command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
+				"-cert", certPath, "-key", keyPath},
+			config:            config,
+			expectedPeerCerts: []string{clientCertificatePEM},
+		}
+		runServerTestTLS12(t, test)
+		runServerTestTLS13(t, test)
+
+		test = &serverTest{
+			name: "ClientAuthRequestedAndGiven-PSS-Disabled-Required",
+			command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
+				"-cert", certPath, "-key", keyPath, "-client_sigalgs", "rsa_pss_rsae_sha256"},
+			config: config,
+
+			expectHandshakeErrorIncluding: "client didn't provide a certificate",
+		}
+		runServerTestTLS12(t, test)
+	})
 }

 func TestSNIGivenOnFailure(t *testing.T) {
@@ -1722,6 +1782,7 @@ T+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g
 	if err != nil {
 		t.Fatal(err)
 	}
+
 	done := make(chan struct{})
 	go func() {
 		config := testConfig.Clone()
@@ -1739,4 +1800,15 @@ T+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g
 		t.Errorf(`expected "handshake failure", got %q`, err)
 	}
 	<-done
+
+	// With RSA-PSS disabled and TLS 1.2, this should work.
+
+	testSupportedSignatureAlgorithmsTLS12 := supportedSignatureAlgorithmsTLS12
+	defer func() { supportedSignatureAlgorithmsTLS12 = testSupportedSignatureAlgorithmsTLS12 }()
+	supportedSignatureAlgorithmsTLS12 = savedSupportedSignatureAlgorithmsTLS12
+
+	serverConfig := testConfig.Clone()
+	serverConfig.Certificates = []Certificate{cert}
+	serverConfig.MaxVersion = VersionTLS12
+	testHandshake(t, testConfig, serverConfig)
 }
--- a/src/crypto/tls/key_agreement.go
+++ b/src/crypto/tls/key_agreement.go
@@ -177,7 +177,7 @@ NextCandidate:
 		return nil, errors.New("tls: certificate private key does not implement crypto.Signer")
 	}

-	signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(priv.Public(), clientHello.supportedSignatureAlgorithms, supportedSignatureAlgorithms, ka.version)
+	signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(priv.Public(), clientHello.supportedSignatureAlgorithms, supportedSignatureAlgorithmsTLS12, ka.version)
 	if err != nil {
 		return nil, err
 	}

--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled
--- a/src/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-PSS-Disabled
+++ b/src/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-PSS-Disabled
--- a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 97 01 00 00  93 03 03 9e b1 2a 26 04  |.............*&.|
+00000010  8d 66 df 43 cb 0a 85 80  4f f2 99 7d 80 20 64 7e  |.f.C....O..}. d~|
+00000020  30 a0 bb 60 ac 0e d4 ce  f0 ae 98 00 00 04 00 2f  |0..`.........../|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
+00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
+00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
+00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
+00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
+00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
+00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
+00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
+000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
+000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
+000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
+000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
+000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
+000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
+00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
+00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
+00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
+00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
+00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
+00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
+00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
+00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
+00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
+00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
+000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
+000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
+000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
+000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
+000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
+000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
+00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
+00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
+00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
+00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
+00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
+00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
+00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
+00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
+00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
+00000290  3b e9 fa e7 16 03 03 00  1b 0d 00 00 17 02 01 40  |;..............@|
+000002a0  00 10 04 01 04 03 05 01  05 03 06 01 06 03 02 01  |................|
+000002b0  02 03 00 00 16 03 03 00  04 0e 00 00 00           |.............|
+>>> Flow 3 (client to server)
+00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
+00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
+00000020  c1 89 65 83 55 6f dc 0b  c9 b9 93 9f e9 bc 30 0d  |..e.Uo........0.|
+00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
+00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
+00000050  6f 30 1e 17 0d 31 36 30  38 31 37 32 31 35 32 33  |o0...16081721523|
+00000060  31 5a 17 0d 31 37 30 38  31 37 32 31 35 32 33 31  |1Z..170817215231|
+00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
+00000080  6d 65 20 43 6f 30 81 9f  30 0d 06 09 2a 86 48 86  |me Co0..0...*.H.|
+00000090  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81  |...........0....|
+000000a0  81 00 ba 6f aa 86 bd cf  bf 9f f2 ef 5c 94 60 78  |...o........\.`x|
+000000b0  6f e8 13 f2 d1 96 6f cd  d9 32 6e 22 37 ce 41 f9  |o.....o..2n"7.A.|
+000000c0  ca 5d 29 ac e1 27 da 61  a2 ee 81 cb 10 c7 df 34  |.])..'.a.......4|
+000000d0  58 95 86 e9 3d 19 e6 5c  27 73 60 c8 8d 78 02 f4  |X...=..\'s`..x..|
+000000e0  1d a4 98 09 a3 19 70 69  3c 25 62 66 2a ab 22 23  |......pi<%bf*."#|
+000000f0  c5 7b 85 38 4f 2e 09 73  32 a7 bd 3e 9b ad ca 84  |.{.8O..s2..>....|
+00000100  07 e6 0f 3a ff 77 c5 9d  41 85 00 8a b6 9b ee b0  |...:.w..A.......|
+00000110  a4 3f 2d 4c 4c e6 42 3e  bb 51 c8 dd 48 54 f4 0c  |.?-LL.B>.Q..HT..|
+00000120  8e 47 02 03 01 00 01 a3  46 30 44 30 0e 06 03 55  |.G......F0D0...U|
+00000130  1d 0f 01 01 ff 04 04 03  02 05 a0 30 13 06 03 55  |...........0...U|
+00000140  1d 25 04 0c 30 0a 06 08  2b 06 01 05 05 07 03 01  |.%..0...+.......|
+00000150  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 0f  |0...U.......0.0.|
+00000160  06 03 55 1d 11 04 08 30  06 87 04 7f 00 00 01 30  |..U....0.......0|
+00000170  0d 06 09 2a 86 48 86 f7  0d 01 01 0b 05 00 03 81  |...*.H..........|
+00000180  81 00 46 ab 44 a2 fb 28  54 f8 5a 67 f8 62 94 f1  |..F.D..(T.Zg.b..|
+00000190  9a b2 18 9e f2 b1 de 1d  7e 6f 76 95 a9 ba e7 5d  |........~ov....]|
+000001a0  a8 16 6c 9c f7 09 d3 37  e4 4b 2b 36 7c 01 ad 41  |..l....7.K+6|..A|
+000001b0  d2 32 d8 c3 d2 93 f9 10  6b 8e 95 b9 2c 17 8a a3  |.2......k...,...|
+000001c0  44 48 bc 59 13 83 16 04  88 a4 81 5c 25 0d 98 0c  |DH.Y.......\%...|
+000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
+000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
+000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
+00000200  e5 35 16 03 03 00 86 10  00 00 82 00 80 3f 1b ee  |.5...........?..|
+00000210  02 ec a5 9f 6e 38 69 2c  b7 03 89 65 b4 92 79 a0  |....n8i,...e..y.|
+00000220  b2 0b ab 9b 44 9c 68 d1  8e 5c 40 9c b5 1c a5 70  |....D.h..\@....p|
+00000230  00 a2 2e fb 98 b7 45 7b  9c 63 46 68 1d 55 9e 01  |......E{.cFh.U..|
+00000240  7f 84 31 62 07 c4 2f 20  5f 1a 94 8c 1f f4 3a 6d  |..1b../ _.....:m|
+00000250  a8 2b b8 08 5b ec 27 e3  49 9e 51 b3 66 98 09 ba  |.+..[.'.I.Q.f...|
+00000260  64 65 c8 3c 11 fb 14 4a  c9 ea 3c 5e 52 10 a0 0b  |de.<...J..<^R...|
+00000270  a9 fc 10 13 c9 99 0c a0  8b b4 40 66 0e 11 5e 1d  |..........@f..^.|
+00000280  8b 45 5c 4d 0d 39 39 f6  0c 59 8f 06 99 16 03 03  |.E\M.99..Y......|
+00000290  00 88 0f 00 00 84 04 01  00 80 71 1c 9c fd b2 c9  |..........q.....|
+000002a0  b9 7f f3 51 e2 63 96 08  56 d2 bd 19 61 9f 3f be  |...Q.c..V...a.?.|
+000002b0  e5 4c 22 a8 3f 81 98 2d  67 56 4e 2d 61 6e 51 e5  |.L".?..-gVN-anQ.|
+000002c0  11 24 bd 1b 38 ba dc 8c  76 51 1d 3c 6e 81 50 9a  |.$..8...vQ.<n.P.|
+000002d0  b5 24 9c d8 af f7 80 8a  51 43 ec b3 59 18 bd ea  |.$......QC..Y...|
+000002e0  8a be af 11 c8 ac 60 88  e3 67 a2 ae c2 95 16 47  |......`..g.....G|
+000002f0  2b e2 ea 42 0a 0a 3f 2b  8b c8 ec 9d e7 b2 a6 ee  |+..B..?+........|
+00000300  f4 9b ba 28 47 e2 30 ae  05 89 09 65 3d b6 54 8a  |...(G.0....e=.T.|
+00000310  4a df d4 fa a5 4c 30 38  53 f2 14 03 03 00 01 01  |J....L08S.......|
+00000320  16 03 03 00 40 97 50 23  88 56 0d d4 1b ba 6f 3e  |....@.P#.V....o>|
+00000330  8d 82 6c f3 04 55 2c 13  d9 5b 0a 73 88 4f 8b 3c  |..l..U,..[.s.O.<|
+00000340  cd ef 1a a7 15 7c 33 bb  ff fa 01 c4 87 d7 df 47  |.....|3........G|
+00000350  37 b6 fe 1d e6 82 c2 8a  33 b1 c9 ae 85 45 c8 0d  |7.......3....E..|
+00000360  38 47 69 2d 54                                    |8Gi-T|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
+00000010  00 00 00 00 00 00 00 00  00 00 00 20 98 12 44 63  |........... ..Dc|
+00000020  e7 77 e6 e8 c0 c7 d7 b6  f7 c4 4e 13 e3 79 af 33  |.w........N..y.3|
+00000030  3b 6c 86 22 c5 9e dd 25  74 e5 7b 37 fb 24 c6 48  |;l."...%t.{7.$.H|
+00000040  c9 74 a7 9b 9b 32 a7 c1  b9 bb e0 17 03 03 00 40  |.t...2.........@|
+00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000060  80 d7 ec 51 cf ae d4 1a  af 11 59 d1 0c 62 a6 67  |...Q......Y..b.g|
+00000070  2e 6f 18 23 29 75 92 07  b1 16 09 8f 2d f8 04 fe  |.o.#)u......-...|
+00000080  ce 71 2c b6 00 fd 7b 53  cb 6d 97 06 06 e6 af f4  |.q,...{S.m......|
+00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
+000000a0  00 00 00 00 00 73 14 3a  87 3b ca 3a 2b b2 52 30  |.....s.:.;.:+.R0|
+000000b0  98 62 88 1b a7 58 66 47  66 72 fd bb b6 b7 6b 99  |.b...XfGfr....k.|
+000000c0  20 ab e9 22 62                                    | .."b|
--- a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled-Required
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled-Required
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 97 01 00 00  93 03 03 d7 9c de f8 62  |...............b|
+00000010  7e 32 5b bc d5 12 35 89  42 37 be ca 55 74 24 61  |~2[...5.B7..Ut$a|
+00000020  c0 50 91 0f 1b 42 29 9f  c1 6a cb 00 00 04 00 2f  |.P...B)..j...../|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
+00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
+00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
+00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
+00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
+00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
+00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
+00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
+000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
+000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
+000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
+000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
+000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
+000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
+00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
+00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
+00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
+00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
+00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
+00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
+00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
+00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
+00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
+00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
+000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
+000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
+000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
+000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
+000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
+000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
+00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
+00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
+00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
+00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
+00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
+00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
+00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
+00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
+00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
+00000290  3b e9 fa e7 16 03 03 00  1b 0d 00 00 17 02 01 40  |;..............@|
+000002a0  00 10 04 01 04 03 05 01  05 03 06 01 06 03 02 01  |................|
+000002b0  02 03 00 00 16 03 03 00  04 0e 00 00 00           |.............|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 07 0b 00 00  03 00 00 00 16 03 03 00  |................|
+00000010  86 10 00 00 82 00 80 1d  c6 6c b0 b9 b3 41 06 80  |.........l...A..|
+00000020  e0 f5 df 06 ae 0f 2f 5f  72 14 44 47 16 c4 f0 a6  |....../_r.DG....|
+00000030  68 be fa ee ec 9b 38 b0  e4 bd a3 e9 ca 18 5b 25  |h.....8.......[%|
+00000040  33 31 57 86 63 59 0e ce  10 77 f8 42 a6 5c ad 3f  |31W.cY...w.B.\.?|
+00000050  80 85 a5 c1 06 4c 36 aa  f3 ee 62 39 66 69 76 51  |.....L6...b9fivQ|
+00000060  57 cc a0 b1 35 81 d5 38  01 2d 83 0e 2e 6b a9 84  |W...5..8.-...k..|
+00000070  0d 8b 29 93 90 78 2d 0d  33 5f 85 0d 00 0c e2 5f  |..)..x-.3_....._|
+00000080  83 21 28 27 83 ad 9d 19  2d 01 35 6d 85 2e 8d 6b  |.!('....-.5m...k|
+00000090  eb 7a cd 8a 3f 42 e2 14  03 03 00 01 01 16 03 03  |.z..?B..........|
+000000a0  00 40 5e 19 0f d0 4c 17  e0 25 e6 6b a1 d9 ea 59  |.@^...L..%.k...Y|
+000000b0  f4 3a 55 84 2c 50 1e 53  47 78 45 b8 97 f7 7f 3d  |.:U.,P.SGxE....=|
+000000c0  af d9 7a ad 30 30 77 1a  93 05 19 5b 9b 13 70 e0  |..z.00w....[..p.|
+000000d0  e0 f8 ba 6a bd 74 c5 71  0d 5a 2c 3f 2d 98 1a 3c  |...j.t.q.Z,?-..<|
+000000e0  5a 7d                                             |Z}|
+>>> Flow 4 (server to client)
+00000000  15 03 03 00 02 02 2a                              |......*|
--- a/src/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 cb 01 00 00  c7 03 03 ed 3d 3e 10 95  |............=>..|
+00000010  8b 6f 6c be 5c b7 77 c0  79 91 f8 b3 6f 52 27 18  |.ol.\.w.y...oR'.|
+00000020  0a b7 88 52 df 3c 6c 87  b4 5a 4c 00 00 38 c0 2c  |...R.<l..ZL..8.,|
+00000030  c0 30 00 9f cc a9 cc a8  cc aa c0 2b c0 2f 00 9e  |.0.........+./..|
+00000040  c0 24 c0 28 00 6b c0 23  c0 27 00 67 c0 0a c0 14  |.$.(.k.#.'.g....|
+00000050  00 39 c0 09 c0 13 00 33  00 9d 00 9c 00 3d 00 3c  |.9.....3.....=.<|
+00000060  00 35 00 2f 00 ff 01 00  00 66 00 00 00 0e 00 0c  |.5./.....f......|
+00000070  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000080  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000090  00 19 00 18 00 16 00 00  00 17 00 00 00 0d 00 30  |...............0|
+000000a0  00 2e 04 03 05 03 06 03  08 07 08 08 08 09 08 0a  |................|
+000000b0  08 0b 08 04 08 05 08 06  04 01 05 01 06 01 03 03  |................|
+000000c0  02 03 03 01 02 01 03 02  02 02 04 02 05 02 06 02  |................|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |...DOWNGRD...0..|
+00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
+00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
+00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
+00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
+00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
+00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
+00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
+000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
+000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
+000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
+000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
+000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
+000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
+00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
+00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
+00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
+00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
+00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
+00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
+00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
+00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
+00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
+00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
+000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
+000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
+000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
+000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
+000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
+000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
+00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
+00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
+00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
+00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
+00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
+00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
+00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
+00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
+00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
+00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
+000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+000002c0  74 04 01 00 80 a5 a9 75  be 51 ff dc b3 bb 77 79  |t......u.Q....wy|
+000002d0  ef 5b 9f d9 27 6c 76 ea  ce 5c 66 20 03 2e 94 fd  |.[..'lv..\f ....|
+000002e0  28 94 69 ff 06 ab bd 34  43 51 72 fb 15 42 e6 38  |(.i....4CQr..B.8|
+000002f0  c5 7a 5d 7f 35 a7 3c 85  ec df 95 23 0f 28 c7 dc  |.z].5.<....#.(..|
+00000300  0e a6 ec fe 5e 77 3f 95  1d a7 73 1d d8 7b 68 92  |....^w?...s..{h.|
+00000310  5b a5 b8 ba f5 7c a5 60  2e 43 d6 60 64 3e 33 c7  |[....|.`.C.`d>3.|
+00000320  8b c2 56 68 e3 28 2b 2e  8b 9a 85 29 77 73 24 3e  |..Vh.(+....)ws$>|
+00000330  2b 95 b8 40 a7 f1 60 b5  9e 85 3e 1d ae ab 7f 85  |+..@..`...>.....|
+00000340  63 63 d1 cf 62 16 03 03  00 04 0e 00 00 00        |cc..b.........|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 25 10 00 00  21 20 43 dd 3e 28 34 9f  |....%...! C.>(4.|
+00000010  a9 0c 8e 14 66 01 a1 dd  15 8e 71 b4 05 83 d9 a3  |....f.....q.....|
+00000020  5f 5c a3 31 ad 5c d5 5a  ad 56 14 03 03 00 01 01  |_\.1.\.Z.V......|
+00000030  16 03 03 00 28 f3 ad d2  ec 9e 1e 85 2d 96 5f bc  |....(.......-._.|
+00000040  70 cc 0a c2 22 ef 0a fe  fb b0 77 f1 59 59 08 a6  |p...".....w.YY..|
+00000050  57 39 16 00 82 0b 60 1e  9a 74 75 3a 8a           |W9....`..tu:.|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
+00000010  00 00 00 cf 63 14 29 73  c7 7b 6c 98 50 db 5f 8e  |....c.)s.{l.P._.|
+00000020  f4 de 68 bc c0 60 2c db  9e 1f d9 48 55 51 05 47  |..h..`,....HUQ.G|
+00000030  7e 43 37 17 03 03 00 25  00 00 00 00 00 00 00 01  |~C7....%........|
+00000040  67 0a e7 77 dd 1a 30 87  27 90 b0 42 31 42 09 53  |g..w..0.'..B1B.S|
+00000050  03 bf 0c 10 3a c3 a7 95  e9 6e 63 57 ad 15 03 03  |....:....ncW....|
+00000060  00 1a 00 00 00 00 00 00  00 02 d5 1a ac 66 50 93  |.............fP.|
+00000070  46 0a da 98 1f cc 30 40  c1 47 c7 88              |F.....0@.G..|
--- a/src/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled-Required
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled-Required
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 91 01 00 00  8d 03 03 5a 8a 66 22 31  |...........Z.f"1|
+00000010  69 92 30 d5 7b 7c 17 a7  7c 14 d6 3c a9 9e ba dd  |i.0.{|..|..<....|
+00000020  7c 73 fe b4 b4 dd d8 28  39 32 0d 00 00 2a c0 30  ||s.....(92...*.0|
+00000030  00 9f cc a8 cc aa c0 2f  00 9e c0 28 00 6b c0 27  |......./...(.k.'|
+00000040  00 67 c0 14 00 39 c0 13  00 33 00 9d 00 9c 00 3d  |.g...9...3.....=|
+00000050  00 3c 00 35 00 2f 00 ff  01 00 00 3a 00 00 00 0e  |.<.5./.....:....|
+00000060  00 0c 00 00 09 31 32 37  2e 30 2e 30 2e 31 00 0b  |.....127.0.0.1..|
+00000070  00 04 03 00 01 02 00 0a  00 0c 00 0a 00 1d 00 17  |................|
+00000080  00 1e 00 19 00 18 00 16  00 00 00 17 00 00 00 0d  |................|
+00000090  00 04 00 02 08 04                                 |......|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |...DOWNGRD...0..|
+00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
+00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
+00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
+00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
+00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
+00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
+00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
+000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
+000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
+000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
+000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
+000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
+000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
+00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
+00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
+00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
+00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
+00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
+00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
+00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
+00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
+00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
+00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
+000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
+000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
+000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
+000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
+000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
+000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
+00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
+00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
+00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
+00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
+00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
+00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
+00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
+00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
+00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
+00000290  3b e9 fa e7 15 03 03 00  02 02 28                 |;.........(|
--- a/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven-PSS-Disabled
+++ b/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven-PSS-Disabled
--- a/src/crypto/tls/testdata/Server-TLSv13-RSA-PSS-Disabled
+++ b/src/crypto/tls/testdata/Server-TLSv13-RSA-PSS-Disabled
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 e0 01 00 00  dc 03 03 1e 9f 50 05 56  |.............P.V|
+00000010  a7 21 c8 df 56 a8 f3 bb  e4 15 3b b0 04 e5 f5 10  |.!..V.....;.....|
+00000020  d8 5b 0e 68 d3 b4 39 64  b5 89 9c 20 5a 6b 29 6d  |.[.h..9d... Zk)m|
+00000030  22 a0 e0 fb 7f 2d 87 48  e7 b4 c9 b3 5a d0 2b c7  |"....-.H....Z.+.|
+00000040  ad d8 e4 ad d5 eb 81 b3  1f 61 0e 65 00 08 13 02  |.........a.e....|
+00000050  13 03 13 01 00 ff 01 00  00 8b 00 00 00 0e 00 0c  |................|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 16 00 00  00 17 00 00 00 0d 00 1e  |................|
+00000090  00 1c 04 03 05 03 06 03  08 07 08 08 08 09 08 0a  |................|
+000000a0  08 0b 08 04 08 05 08 06  04 01 05 01 06 01 00 2b  |...............+|
+000000b0  00 03 02 03 04 00 2d 00  02 01 01 00 33 00 26 00  |......-.....3.&.|
+000000c0  24 00 1d 00 20 ba 67 99  b3 60 71 ed 6c bb 8d 7e  |$... .g..`q.l..~|
+000000d0  4c c3 ea 37 6d 90 b6 f8  91 67 71 2c 84 a7 32 3a  |L..7m....gq,..2:|
+000000e0  23 2a 90 13 35                                    |#*..5|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 5a 6b 29 6d  |........... Zk)m|
+00000030  22 a0 e0 fb 7f 2d 87 48  e7 b4 c9 b3 5a d0 2b c7  |"....-.H....Z.+.|
+00000040  ad d8 e4 ad d5 eb 81 b3  1f 61 0e 65 13 02 00 00  |.........a.e....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 d9 74 68 ee e6 54  |...........th..T|
+00000090  e3 7a 0e ee 86 c7 a8 bb  c7 65 fc e4 c4 6c 58 7a  |.z.......e...lXz|
+000000a0  1e 17 03 03 02 6d 98 c3  0c cc 80 fe ea 70 13 4e  |.....m.......p.N|
+000000b0  2f f6 49 99 5f 27 0a f9  4d cf e5 1a 9a 37 fb e7  |/.I._'..M....7..|
+000000c0  3b a4 60 82 43 df fb fa  47 15 6f d8 db d2 3e c3  |;.`.C...G.o...>.|
+000000d0  dd a0 37 ca b2 b4 c9 1b  5c 86 4a e0 7e 06 1e 27  |..7.....\.J.~..'|
+000000e0  73 c6 cd 54 37 df 95 b1  c6 d5 44 85 2c 67 7d a7  |s..T7.....D.,g}.|
+000000f0  2a 7d 87 86 5e f3 e5 60  f8 7c de bf 78 89 35 9b  |*}..^..`.|..x.5.|
+00000100  d1 0b 8a dd 6f 40 d8 5a  55 10 e2 71 b0 7a 5e 4b  |....o@.ZU..q.z^K|
+00000110  86 18 be 18 a7 f8 8e c6  ae 8c 1e df bf 84 77 c5  |..............w.|
+00000120  dc b1 17 26 72 ea bb 9b  28 6c bf 19 8d 1a 22 90  |...&r...(l....".|
+00000130  0f 19 92 5b ff db 07 84  48 61 68 f0 50 20 76 a3  |...[....Hah.P v.|
+00000140  d3 f2 4a 3b 60 f5 73 cb  61 f7 11 63 f2 a7 0e 18  |..J;`.s.a..c....|
+00000150  30 96 d0 17 f1 2f 58 09  49 33 15 3e 31 e4 17 e8  |0..../X.I3.>1...|
+00000160  07 48 b5 43 06 40 60 4f  a0 78 0d 51 0c 3f 0f 1a  |.H.C.@`O.x.Q.?..|
+00000170  8c 95 7a 3e 36 66 36 22  dc 58 4e b7 3e 19 ad de  |..z>6f6".XN.>...|
+00000180  c9 f9 b0 76 e4 e2 8c 04  27 6f 67 8f fe 86 b9 41  |...v....'og....A|
+00000190  53 7d 9f d1 e0 a6 0b ec  fc c0 82 bf 00 36 28 4d  |S}...........6(M|
+000001a0  20 3a e3 42 67 87 16 64  6c 4f e2 54 23 d1 0f 32  | :.Bg..dlO.T#..2|
+000001b0  e9 16 9a da 46 a6 39 18  d5 6e a6 93 25 de a1 77  |....F.9..n..%..w|
+000001c0  d9 26 b5 7c b4 85 8a 69  48 90 11 a9 8c 42 ca b8  |.&.|...iH....B..|
+000001d0  88 63 df ec 6c e3 9f 2c  29 75 9b 57 79 8b 69 66  |.c..l..,)u.Wy.if|
+000001e0  16 9e 93 48 04 8a 41 e0  8b 0e fb a5 9c fd 68 f6  |...H..A.......h.|
+000001f0  5f ab 89 11 e4 aa 4c 6c  92 df b3 a3 39 f0 38 d9  |_.....Ll....9.8.|
+00000200  7d 1b 42 13 ee d1 83 e2  20 3f 60 81 96 d9 63 2c  |}.B..... ?`...c,|
+00000210  e8 54 a5 08 41 9b 1d 02  41 37 a2 ce 0c 9b 34 bf  |.T..A...A7....4.|
+00000220  43 c5 ac 90 67 cd 6b b6  55 31 36 b1 2b 0e ed 8c  |C...g.k.U16.+...|
+00000230  23 ae 71 b2 ab f3 94 68  f2 f6 87 d3 87 61 ca aa  |#.q....h.....a..|
+00000240  0b 65 63 a1 11 dc 6d 74  33 c8 24 a6 ae 40 27 c7  |.ec...mt3.$..@'.|
+00000250  d4 06 51 89 15 35 66 21  b0 82 15 87 70 c5 b8 8d  |..Q..5f!....p...|
+00000260  34 48 ff 41 e0 1a b0 46  f7 38 47 53 64 f7 a3 a2  |4H.A...F.8GSd...|
+00000270  61 96 72 ea 90 de 86 18  64 49 91 ed 97 05 e3 27  |a.r.....dI.....'|
+00000280  47 df ea 06 c6 28 f9 79  51 5e 64 b6 de 52 75 8a  |G....(.yQ^d..Ru.|
+00000290  79 8d 8e a6 d5 b0 f1 a6  ab 76 44 25 4b 80 5e e4  |y........vD%K.^.|
+000002a0  d4 aa c6 2d 77 1a 49 52  16 d6 73 6b 18 2d d1 a6  |...-w.IR..sk.-..|
+000002b0  4c e1 be 4d f8 79 34 a1  4c 81 88 9c 4b 85 f3 28  |L..M.y4.L...K..(|
+000002c0  97 fc 3a 7e cf d4 81 2c  d3 57 df 09 f5 49 f5 cf  |..:~...,.W...I..|
+000002d0  c7 7c 22 b3 8e 95 0f 97  6d d1 56 e3 43 7e 52 0f  |.|".....m.V.C~R.|
+000002e0  d4 da 3f e0 4e 06 b9 84  18 7d 7c 56 49 e0 d7 4a  |..?.N....}|VI..J|
+000002f0  d6 df c4 70 0c 74 5b 1f  4d 76 28 cd 3b b0 9e 27  |...p.t[.Mv(.;..'|
+00000300  cc 6b 1a 13 41 1a 6b bf  0d 2d 93 b2 d5 7e 7e 25  |.k..A.k..-...~~%|
+00000310  0e 8a 9c 17 03 03 00 99  df 4b 8e 3e d0 14 be 76  |.........K.>...v|
+00000320  f1 d3 ca b1 39 c0 7e 6c  4f 8c d9 0d b8 83 07 39  |....9.~lO......9|
+00000330  08 55 13 1e 3d 68 0f 99  9f 9a 68 1f 57 6a aa 41  |.U..=h....h.Wj.A|
+00000340  a4 40 2b 12 f2 4b 6c db  3c 59 fa 99 5c e2 c7 2d  |.@+..Kl.<Y..\..-|
+00000350  4b 55 4c 27 b1 6c bf 99  c3 36 1d 73 7a 8b fd bc  |KUL'.l...6.sz...|
+00000360  93 77 27 f5 9e cd 10 61  bc 8d b5 bf 7b bb 69 00  |.w'....a....{.i.|
+00000370  f9 f0 d3 22 dd 4e 7d 12  5a 61 49 1d d4 29 14 43  |...".N}.ZaI..).C|
+00000380  e5 62 ab d8 c6 78 75 80  4b 7a 6b 3f af 4b 92 2a  |.b...xu.Kzk?.K.*|
+00000390  23 29 da 85 c0 d7 35 03  9d ed 9c f7 83 39 cf cb  |#)....5......9..|
+000003a0  0f 85 5e 9f 29 61 d8 a2  d0 cb 14 2d 71 50 6f d5  |..^.)a.....-qPo.|
+000003b0  c2 17 03 03 00 45 be 9b  ee 5d e1 08 8a c2 d6 67  |.....E...].....g|
+000003c0  df 3b 84 50 28 30 69 bd  11 89 6a ab 02 ad d7 79  |.;.P(0i...j....y|
+000003d0  8b 2c 0a a9 9c ce e5 30  49 2d 59 82 e8 ee d3 03  |.,.....0I-Y.....|
+000003e0  77 d3 fc 22 dd 81 be e6  f4 22 36 8d 8e b1 7c 4a  |w.."....."6...|J|
+000003f0  b9 9c 6a ea 3f f0 aa ac  ec b6 c7 17 03 03 00 a3  |..j.?...........|
+00000400  69 e0 19 38 57 54 62 6c  28 d9 54 94 79 6e 7b 48  |i..8WTbl(.T.yn{H|
+00000410  25 55 7f 5f bb cc 91 07  30 47 55 9b f3 6e b9 ba  |%U._....0GU..n..|
+00000420  50 65 9b e9 81 5d 53 20  cd 27 5d ee 92 93 01 8f  |Pe...]S .'].....|
+00000430  5a d6 02 b9 26 1b 45 c3  40 26 6b 81 c3 ba 1e 3c  |Z...&.E.@&k....<|
+00000440  e6 03 93 b0 18 fe 2d be  07 97 b1 a1 a7 55 8f d8  |......-......U..|
+00000450  96 7a 58 ad 7d c1 72 71  d9 25 07 56 22 9a 7a f9  |.zX.}.rq.%.V".z.|
+00000460  4a 1b 82 30 e9 fb b0 26  81 45 d2 45 5b 1c 7d 97  |J..0...&.E.E[.}.|
+00000470  89 6d 17 69 81 27 a6 4c  be d0 78 1d b5 6c 3f 94  |.m.i.'.L..x..l?.|
+00000480  ef e4 6b ec 02 63 8b bf  f9 00 8a 8a 46 43 5d e0  |..k..c......FC].|
+00000490  52 38 8c d5 76 d7 79 42  a3 6b 35 e2 45 f3 0f b5  |R8..v.yB.k5.E...|
+000004a0  9f 22 f9                                          |.".|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 4b 7c c5 9e c6  |..........EK|...|
+00000010  47 4a 90 d8 c2 c0 49 f7  3b c4 26 eb 15 18 9c bc  |GJ....I.;.&.....|
+00000020  c8 44 f0 53 94 2f 0f c8  d7 c1 86 42 ed b7 8f 63  |.D.S./.....B...c|
+00000030  a0 97 5d 5b 15 01 3a 3d  ca a6 d0 1a a4 77 cc 7e  |..][..:=.....w.~|
+00000040  88 fd 0b c9 a0 46 b7 40  25 8a 03 6e 99 66 bb 84  |.....F.@%..n.f..|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e 6a 41 80  ca 72 5f c3 ee e1 88 49  |.....jA..r_....I|
+00000010  6d be a4 d9 26 07 5c 2b  2c a7 83 b5 c4 eb 4e 4b  |m...&.\+,.....NK|
+00000020  a1 29 98 17 03 03 00 13  2a f9 33 6c 46 f7 9a 51  |.)......*.3lF..Q|
+00000030  1b 36 cd bc d8 5d 94 0d  9e 4b 72                 |.6...]...Kr|
--- a/src/crypto/tls/tls_test.go
+++ b/src/crypto/tls/tls_test.go
@@ -23,11 +23,15 @@ import (
 	"time"
 )

+var savedSupportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithmsTLS12
+
 func init() {
-	// TLS 1.3 is opt-in for Go 1.12, but we want to run most tests with it enabled.
-	// TestTLS13Switch below tests the disabled behavior. See Issue 30055.
+	// TLS 1.3 is opt-in for Go 1.12, and RSA-PSS is disabled in TLS 1.2, but we
+	// want to run most tests with both enabled. TestTLS13Switch below and the
+	// "PSS-Disabled" recordings test the disabled behavior. See Issue 30055.
 	tls13Support.Do(func() {}) // defuse the sync.Once
 	tls13Support.cached = true
+	supportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithms
 }

 var rsaCertPEM = `-----BEGIN CERTIFICATE-----