• Filippo Valsorda's avatar
    crypto/tls: re-enable RSA-PSS in TLS 1.2 again · 52a5bf4d
    Filippo Valsorda authored
    TLS 1.3, which requires RSA-PSS, is now enabled without a GODEBUG
    opt-out, and with the introduction of
    Certificate.SupportedSignatureAlgorithms (#28660) there is a
    programmatic way to avoid RSA-PSS (disable TLS 1.3 with MaxVersion and
    use that field to specify only PKCS#1 v1.5 SignatureSchemes).
    
    This effectively reverts 0b3a57b5,
    although following CL 205061 all of the signing-side logic is
    conveniently centralized in signatureSchemesForCertificate.
    
    Fixes #32425
    
    Change-Id: I7c9a8893bb5d518d86eae7db82612b9b2cd257d7
    Reviewed-on: https://go-review.googlesource.com/c/go/+/205063
    Run-TryBot: Filippo Valsorda <filippo@golang.org>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    Reviewed-by: default avatarKatie Hockman <katie@golang.org>
    Reviewed-by: default avatarAdam Langley <agl@golang.org>
    52a5bf4d
Client-TLSv12-RenegotiateTwice 25.7 KB