src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled · 320da8d149bda0f5217444faac19abedfddf30f2 · Kirill Smelkov / go

[release-branch.go1.12] crypto/tls: don't select RSA-PSS for client certificates in TLS 1.2 · 320da8d1

Filippo Valsorda authored Feb 19, 2019

In https://golang.org/cl/160998, RSA-PSS was disabled for
(most of) TLS 1.2. One place where we can't disable it is in a Client
Hello which offers both TLS 1.2 and 1.3: RSA-PSS is required by TLS 1.3,
so to offer TLS 1.3 we need to offer RSA-PSS, even if the server might
select TLS 1.2.

The good news is that we want to disable RSA-PSS mostly when we are the
signing side, as that's where broken crypto.Signer implementations will
bite us. So we can announce RSA-PSS in the Client Hello, tolerate the
server picking TLS 1.2 and RSA-PSS for their signatures, but still not
do RSA-PSS on our side if asked to provide a client certificate.

Client-TLSv12-ClientCert-RSA-PSS-Disabled changed because it was indeed
actually using RSA-PSS.

Updates #30055

Change-Id: I5ecade744b666433b37847abf55e1f08089b21d4
Reviewed-on: https://go-review.googlesource.com/c/163039Reviewed-by: Andrew Bonventre <andybons@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>

320da8d1

Client-TLSv12-ClientCert-RSA-PSS-Disabled 10.3 KB

Replace Client-TLSv12-ClientCert-RSA-PSS-Disabled