crypto/tls: re-enable RSA-PSS in TLS 1.2 again

TLS 1.3, which requires RSA-PSS, is now enabled without a GODEBUG opt-out, and with the introduction of Certificate.SupportedSignatureAlgorithms (#28660) there is a programmatic way to avoid RSA-PSS (disable TLS 1.3 with MaxVersion and use that field to specify only PKCS#1 v1.5 SignatureSchemes). This effectively reverts 0b3a57b537, although following CL 205061 all of the signing-side logic is conveniently centralized in signatureSchemesForCertificate. Fixes #32425 Change-Id: I7c9a8893bb5d518d86eae7db82612b9b2cd257d7 Reviewed-on: https://go-review.googlesource.com/c/go/+/205063 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-12-08 06:10:04 +00:00 · 2019-11-03 21:28:47 -05:00 · 2019-11-03 21:28:47 -05:00 · 52a5bf4d33
commit 52a5bf4d33
parent 5b17b65750
28 changed files with 1264 additions and 1244 deletions
--- a/src/crypto/tls/auth.go
+++ b/src/crypto/tls/auth.go
@ -191,10 +191,9 @@ func signatureSchemesForCertificate(version uint16, cert *Certificate) []Signatu
 	case *rsa.PublicKey:
 		if version != VersionTLS13 {
 			sigAlgs = []SignatureScheme{
-				// Temporarily disable RSA-PSS in TLS 1.2, see Issue 32425.
-				// PSSWithSHA256,
-				// PSSWithSHA384,
-				// PSSWithSHA512,
+				PSSWithSHA256,
+				PSSWithSHA384,
+				PSSWithSHA512,
 				PKCS1WithSHA256,
 				PKCS1WithSHA384,
 				PKCS1WithSHA512,