crypto/tls: align FIPS-only mode with BoringSSL policy

This enables TLS 1.3, disables P-521, and disables non-ECDHE suites. Reapplies CL 549975. Updates #64717 Updates #62372 Change-Id: I6c608704638d59a063a657fbd4eb1126027112dd Reviewed-on: https://go-review.googlesource.com/c/go/+/603376 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com>
2025-12-08 06:10:04 +00:00 · 2023-12-14 22:13:29 +01:00 · 2023-12-14 22:13:29 +01:00 · d36353499f
commit d36353499f
parent 83d9afefea
9 changed files with 93 additions and 44 deletions
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@ -141,13 +141,18 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
 		if len(hello.supportedVersions) == 1 {
 			hello.cipherSuites = nil
 		}
-		if hasAESGCMHardwareSupport {
+		if needFIPS() {
+			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13FIPS...)
+		} else if hasAESGCMHardwareSupport {
 			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13...)
 		} else {
 			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13NoAES...)
 		}

-		curveID := config.curvePreferences(maxVersion)[0]
+		if len(hello.supportedCurves) == 0 {
+			return nil, nil, nil, errors.New("tls: no supported elliptic curves for ECDHE")
+		}
+		curveID := hello.supportedCurves[0]
 		keyShareKeys = &keySharePrivateKeys{curveID: curveID}
 		if curveID == x25519Kyber768Draft00 {
 			keyShareKeys.ecdhe, err = generateECDHEKey(config.rand(), X25519)