go/doc/next
Filippo Valsorda 59211acb5d crypto/tls: disable SHA-1 signature algorithms in TLS 1.2
This implements RFC 9155 by removing support for SHA-1 algorithms:

  - we don't advertise them in ClientHello and CertificateRequest
    (where supportedSignatureAlgorithms is used directly)

  - we don't select them in our ServerKeyExchange and CertificateVerify
    (where supportedSignatureAlgorithms filters signatureSchemesForCertificate)

  - we reject them in the peer's ServerKeyExchange and CertificateVerify
    (where we check against the algorithms we advertised in ClientHello
    and CertificateRequest)
  
Fixes #72883

Change-Id: I6a6a4656e2aafd2c38cdd32090d3d8a9a8047818
Reviewed-on: https://go-review.googlesource.com/c/go/+/658216
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
2025-05-21 15:09:29 -07:00
6-stdlib        crypto/tls: disable SHA-1 signature algorithms in TLS 1.2   2025-05-21 15:09:29 -07:00
1-intro.md      doc: initialize next directory for Go 1.25                  2025-02-03 07:52:07 -08:00
2-language.md   doc: initialize next directory for Go 1.25                  2025-02-03 07:52:07 -08:00
3-tools.md      cmd/vet: add hostport analyzer                              2025-04-23 19:09:44 -07:00
4-runtime.md    runtime: use cgroup CPU limit to set GOMAXPROCS             2025-05-21 10:21:55 -07:00
5-toolchain.md  doc: fix grammar and spelling                               2025-04-29 07:37:04 -07:00
7-ports.md      doc/go1.25: document macOS requirements                     2025-04-07 11:04:56 -07:00