crypto/tls: remove tlsrsakex GODEBUG setting

Updates #75316 Change-Id: I6eb8482505a83b8b63edcb7d443e227a6a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/777381 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2026-06-27 03:11:23 +00:00 · 2026-05-12 16:00:23 -04:00 · 2026-05-12 16:00:23 -04:00 · 14a4bc2051
commit 14a4bc2051
parent a7bc19bf37
10 changed files with 14 additions and 35 deletions
--- a/doc/godebug.md
+++ b/doc/godebug.md
@ -160,6 +160,8 @@ Go 1.27 removed the `gotypesalias` setting, as noted in the [Go 1.22](#go-122) s

 Go 1.27 removed the `tlsunsafeekm` setting, as noted in the [Go 1.22](#go-122) section.

+Go 1.27 removed the `tlsrsakex` setting, as noted in the [Go 1.22](#go-122) section.
+
 Go 1.27 added a new `htmlmetacontenturlescape` setting that controls whether
 html/template will escape URLs in the `url=` portion of the content attribute of
 HTML meta tags. The default `htmlmetacontentescape=1` will cause URLs to be
--- a/src/crypto/tls/bogo_config.json
+++ b/src/crypto/tls/bogo_config.json
@ -47,7 +47,7 @@
        "*-Verify-RSA_PKCS1_SHA256_LEGACY-TLS12": "Likewise, we don't know how to handle it in TLS 1.2, so we send the wrong alert",
        "*-VerifyDefault-*": "Our signature algorithms are not configurable, so there is no difference between default and supported",
        "Ed25519DefaultDisable-*": "We support Ed25519 by default",
-        "NoCommonSignatureAlgorithms-TLS12-Fallback": "We don't support the legacy RSA exchange (without tlsrsakex=1)",
+        "NoCommonSignatureAlgorithms-TLS12-Fallback": "We don't support the legacy RSA exchange",

        "*_SHA1-TLS12": "We don't support SHA-1 in TLS 1.2 (without tlssha1=1)",
        "Agree-Digest-SHA1": "We don't support SHA-1 in TLS 1.2 (without tlssha1=1)",
--- a/src/crypto/tls/cipher_suites.go
+++ b/src/crypto/tls/cipher_suites.go
@ -346,16 +346,11 @@ var disabledCipherSuites = map[uint16]bool{
 	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: true,
 	TLS_ECDHE_RSA_WITH_RC4_128_SHA:   true,
 	TLS_RSA_WITH_RC4_128_SHA:         true,
-}

-// rsaKexCiphers contains the ciphers which use RSA based key exchange,
-// which we also disable by default unless a GODEBUG is set.
-var rsaKexCiphers = map[uint16]bool{
-	TLS_RSA_WITH_RC4_128_SHA:        true,
+	// RSA key exchange
 	TLS_RSA_WITH_3DES_EDE_CBC_SHA:   true,
 	TLS_RSA_WITH_AES_128_CBC_SHA:    true,
 	TLS_RSA_WITH_AES_256_CBC_SHA:    true,
-	TLS_RSA_WITH_AES_128_CBC_SHA256: true,
 	TLS_RSA_WITH_AES_128_GCM_SHA256: true,
 	TLS_RSA_WITH_AES_256_GCM_SHA384: true,
 }
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@ -723,9 +723,7 @@ type Config struct {
 	// the list is ignored. Note that TLS 1.3 ciphersuites are not configurable.
 	//
 	// If CipherSuites is nil, a safe default list is used. The default cipher
-	// suites might change over time. In Go 1.22 RSA key exchange based cipher
-	// suites were removed from the default list, but can be re-added with the
-	// GODEBUG setting tlsrsakex=1. In Go 1.23 3DES cipher suites were removed
+	// suites might change over time. In Go 1.23 3DES cipher suites were removed
 	// from the default list, but can be re-added with the GODEBUG setting
 	// tls3des=1.
 	CipherSuites []uint16
--- a/src/crypto/tls/defaults.go
+++ b/src/crypto/tls/defaults.go
@ -66,7 +66,6 @@ func defaultSupportedSignatureAlgorithms() []SignatureScheme {
 	}
 }

-var tlsrsakex = godebug.New("tlsrsakex")
 var tls3des = godebug.New("tls3des")

 func supportedCipherSuites(aesGCMPreferred bool) []uint16 {
@ -81,7 +80,6 @@ func defaultCipherSuites(aesGCMPreferred bool) []uint16 {
 	cipherSuites := supportedCipherSuites(aesGCMPreferred)
 	return slices.DeleteFunc(cipherSuites, func(c uint16) bool {
 		return disabledCipherSuites[c] ||
-			tlsrsakex.Value() != "1" && rsaKexCiphers[c] ||
 			tls3des.Value() != "1" && tdesCiphers[c]
 	})
 }
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@ -627,10 +627,6 @@ func (hs *clientHandshakeState) pickCipherSuite() error {
 		return errors.New("tls: server chose an unconfigured cipher suite")
 	}

-	if hs.c.config.CipherSuites == nil && !fips140tls.Required() && rsaKexCiphers[hs.suite.id] {
-		tlsrsakex.Value() // ensure godebug is initialized
-		tlsrsakex.IncNonDefault()
-	}
 	if hs.c.config.CipherSuites == nil && !fips140tls.Required() && tdesCiphers[hs.suite.id] {
 		tls3des.Value() // ensure godebug is initialized
 		tls3des.IncNonDefault()
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@ -412,10 +412,6 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
 	}
 	c.cipherSuite = hs.suite.id

-	if c.config.CipherSuites == nil && !fips140tls.Required() && rsaKexCiphers[hs.suite.id] {
-		tlsrsakex.Value() // ensure godebug is initialized
-		tlsrsakex.IncNonDefault()
-	}
 	if c.config.CipherSuites == nil && !fips140tls.Required() && tdesCiphers[hs.suite.id] {
 		tls3des.Value() // ensure godebug is initialized
 		tls3des.IncNonDefault()
--- a/src/crypto/tls/tls_test.go
+++ b/src/crypto/tls/tls_test.go
@ -1715,16 +1715,14 @@ func TestCipherSuites(t *testing.T) {
 	}

 	// Check that disabled suites are marked insecure.
-	for _, badSuites := range []map[uint16]bool{disabledCipherSuites, rsaKexCiphers} {
-		for id := range badSuites {
-			c := CipherSuiteByID(id)
-			if c == nil {
-				t.Errorf("%#04x: no CipherSuite entry", id)
-				continue
-			}
-			if !c.Insecure {
-				t.Errorf("%#04x: disabled by default but not marked insecure", id)
-			}
+	for id := range disabledCipherSuites {
+		c := CipherSuiteByID(id)
+		if c == nil {
+			t.Errorf("%#04x: no CipherSuite entry", id)
+			continue
+		}
+		if !c.Insecure {
+			t.Errorf("%#04x: disabled by default but not marked insecure", id)
 		}
 	}

--- a/src/internal/godebugs/table.go
+++ b/src/internal/godebugs/table.go
@ -64,7 +64,6 @@ var All = []Info{
 	{Name: "tls3des", Package: "crypto/tls", Changed: 23, Old: "1"},
 	{Name: "tlsmaxrsasize", Package: "crypto/tls"},
 	{Name: "tlsmlkem", Package: "crypto/tls", Changed: 24, Old: "0", Opaque: true},
-	{Name: "tlsrsakex", Package: "crypto/tls", Changed: 22, Old: "1"},
 	{Name: "tlssecpmlkem", Package: "crypto/tls", Changed: 26, Old: "0", Opaque: true},
 	{Name: "tlssha1", Package: "crypto/tls", Changed: 25, Old: "1"},
 	// Mark tracebacklabels as Opaque so we don't generate a metric that we can't increment.
@ -99,6 +98,7 @@ var Removed = []RemovedInfo{
 	{Name: "x509sha1", Removed: 24},
 	{Name: "gotypesalias", Removed: 27},
 	{Name: "tlsunsafeekm", Removed: 27}, // Old: "1"
+	{Name: "tlsrsakex", Removed: 27},    // Old: "1"
 }

 // Lookup returns the Info with the given name.
--- a/src/runtime/metrics/doc.go
+++ b/src/runtime/metrics/doc.go
@ -389,10 +389,6 @@ Below is the full list of supported metrics, ordered lexicographically.
 		The number of non-default behaviors executed by the crypto/tls
 		package due to a non-default GODEBUG=tlsmaxrsasize=... setting.

-	/godebug/non-default-behavior/tlsrsakex:events
-		The number of non-default behaviors executed by the crypto/tls
-		package due to a non-default GODEBUG=tlsrsakex=... setting.
-
 	/godebug/non-default-behavior/tlssha1:events
 		The number of non-default behaviors executed by the crypto/tls
 		package due to a non-default GODEBUG=tlssha1=... setting.