crypto/tls: move defaults into defaults.go

Fixes #65265
Updates #60790

Change-Id: Iaa5f475d614d3ed87f091c93a3f888b7eb3433f2
Reviewed-on: https://go-review.googlesource.com/c/go/+/587296
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Derek Parker <parkerderek86@gmail.com>
This commit is contained in:
Filippo Valsorda 2024-05-22 12:51:03 +02:00 committed by Gopher Robot
parent 470b5f1f9d
commit 72f81ff7ec
7 changed files with 152 additions and 170 deletions

View file

@ -242,7 +242,7 @@ func selectSignatureScheme(vers uint16, c *Certificate, peerAlgs []SignatureSche
// Pick signature scheme in the peer's preference order, as our
// preference order is not configurable.
for _, preferredAlg := range peerAlgs {
if needFIPS() && !isSupportedSignatureAlgorithm(preferredAlg, fipsSupportedSignatureAlgorithms) {
if needFIPS() && !isSupportedSignatureAlgorithm(preferredAlg, defaultSupportedSignatureAlgorithmsFIPS) {
continue
}
if isSupportedSignatureAlgorithm(preferredAlg, supportedAlgs) {