• Filippo Valsorda's avatar
    crypto/tls: disable RSA-PSS in TLS 1.2 · 7ccd3583
    Filippo Valsorda authored
    Most of the issues that led to the decision on #30055 were related to
    incompatibility with or faulty support for RSA-PSS (#29831, #29779,
    v1.5 signatures). RSA-PSS is required by TLS 1.3, but is also available
    to be negotiated in TLS 1.2.
    
    Altering TLS 1.2 behavior based on GODEBUG=tls13=1 feels surprising, so
    just disable RSA-PSS entirely in TLS 1.2 until TLS 1.3 is on by default,
    so breakage happens all at once.
    
    Updates #30055
    
    Change-Id: Iee90454a20ded8895e5302e8bcbcd32e4e3031c2
    Reviewed-on: https://go-review.googlesource.com/c/160998
    Run-TryBot: Filippo Valsorda <filippo@golang.org>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    Reviewed-by: 's avatarAdam Langley <agl@golang.org>
    7ccd3583
Name
Last commit
Last update
..
aes Loading commit data...
cipher Loading commit data...
des Loading commit data...
dsa Loading commit data...
ecdsa Loading commit data...
elliptic Loading commit data...
hmac Loading commit data...
internal Loading commit data...
md5 Loading commit data...
rand Loading commit data...
rc4 Loading commit data...
rsa Loading commit data...
sha1 Loading commit data...
sha256 Loading commit data...
sha512 Loading commit data...
subtle Loading commit data...
tls Loading commit data...
x509 Loading commit data...
crypto.go Loading commit data...
issue21104_test.go Loading commit data...