mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
crypto/tls: add GODEBUG to control max RSA key size
Add a new GODEBUG setting, tlsmaxrsasize, which allows controlling the maximum RSA key size we will accept during TLS handshakes. Change-Id: I52f060be132014d219f4cd438f59990011a35c96 Reviewed-on: https://go-review.googlesource.com/c/go/+/517495 Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Russ Cox <rsc@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
parent
7bb9115281
commit
59cc5ee2c8
3 changed files with 35 additions and 8 deletions
5
conn.go
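--- a/conn.go
+++ b/conn.go
@@ -1467,6 +1467,11 @@ func (c *Conn) closeNotify() error {
 //
 // For control over canceling or setting a timeout on a handshake, use
 // HandshakeContext or the Dialer's DialContext method instead.
+//
+// In order to avoid denial of service attacks, the maximum RSA key size allowed
+// in certificates sent by either the TLS server or client is limited to 8192
+// bits. This limit can be overridden by setting tlsmaxrsasize in the GODEBUG
+// environment variable (e.g. GODEBUG=tlsmaxrsasize=4096).
 func (c *Conn) Handshake() error {
 return c.HandshakeContext(context.Background())
 }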
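Review bot: The new paragraph on Handshake states the 8192-bit cap and the override, but not that GODEBUG is read for the whole process, so changing tlsmaxrsasize alters the limit for every TLS connection the program makes or accepts, not just this Conn. I would append a sentence such as `// The setting is process-wide; raising it above 8192 increases the CPU cost an untrusted peer can impose during certificate verification.` The comment also does not say what a caller observes when a peer presents a larger key; the enforcement lives in the other changed files, which are not visible here, so presumably the handshake returns an error, and that is worth stating once confirmed. Since the same limit would apply when the handshake is triggered through HandshakeContext or the first Read/Write, consider repeating or cross-referencing the note there.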