doc · d5a36531b2e0a904d616fec55e64575d6583dd80 · go / golang

crypto/tls: disable RSA-PSS in TLS 1.2 · 7ccd3583

Filippo Valsorda authored Feb 05, 2019

Most of the issues that led to the decision on #30055 were related to
incompatibility with or faulty support for RSA-PSS (#29831, #29779,
v1.5 signatures). RSA-PSS is required by TLS 1.3, but is also available
to be negotiated in TLS 1.2.

Altering TLS 1.2 behavior based on GODEBUG=tls13=1 feels surprising, so
just disable RSA-PSS entirely in TLS 1.2 until TLS 1.3 is on by default,
so breakage happens all at once.

Updates #30055

Change-Id: Iee90454a20ded8895e5302e8bcbcd32e4e3031c2
Reviewed-on: https://go-review.googlesource.com/c/160998
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>

7ccd3583

Name	Last commit	Last update
..
articles		Loading commit data...
codewalk		Loading commit data...
devel		Loading commit data...
gopher		Loading commit data...
play		Loading commit data...
progs		Loading commit data...
asm.html		Loading commit data...
cmd.html		Loading commit data...
code.html		Loading commit data...
conduct.html		Loading commit data...
contrib.html		Loading commit data...
contribute.html		Loading commit data...
debugging_with_gdb.html		Loading commit data...
diagnostics.html		Loading commit data...
docs.html		Loading commit data...
editors.html		Loading commit data...
effective_go.html		Loading commit data...
gccgo_contribute.html		Loading commit data...
gccgo_install.html		Loading commit data...
go-logo-black.png		Loading commit data...
go-logo-blue.png		Loading commit data...
go-logo-white.png		Loading commit data...
go1.1.html		Loading commit data...
go1.10.html		Loading commit data...
go1.11.html		Loading commit data...
go1.12.html		Loading commit data...
go1.2.html		Loading commit data...
go1.3.html		Loading commit data...
go1.4.html		Loading commit data...
go1.5.html		Loading commit data...
go1.6.html		Loading commit data...
go1.7.html		Loading commit data...
go1.8.html		Loading commit data...
go1.9.html		Loading commit data...
go1.html		Loading commit data...
go1compat.html		Loading commit data...
go_faq.html		Loading commit data...
go_mem.html		Loading commit data...
go_spec.html		Loading commit data...
help.html		Loading commit data...
ie.css		Loading commit data...
install-source.html		Loading commit data...
install.html		Loading commit data...
root.html		Loading commit data...
security.html		Loading commit data...
share.png		Loading commit data...
tos.html		Loading commit data...