crypto/tls: disable RSA-PSS in TLS 1.2

Most of the issues that led to the decision on #30055 were related to incompatibility with or faulty support for RSA-PSS (#29831, #29779, v1.5 signatures). RSA-PSS is required by TLS 1.3, but is also available to be negotiated in TLS 1.2. Altering TLS 1.2 behavior based on GODEBUG=tls13=1 feels surprising, so just disable RSA-PSS entirely in TLS 1.2 until TLS 1.3 is on by default, so breakage happens all at once. Updates #30055 Change-Id: Iee90454a20ded8895e5302e8bcbcd32e4e3031c2 Reviewed-on: https://go-review.googlesource.com/c/160998 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-04-03 20:17:36 +03:00 · 2019-02-05 15:27:56 -05:00 · 2019-02-05 15:27:56 -05:00 · b5bf3890ae
commit b5bf3890ae
parent 6fa53d1012
15 changed files with 1045 additions and 43 deletions
--- a/tls_test.go
+++ b/tls_test.go
@ -23,11 +23,15 @@ import (
 	"time"
 )

+var savedSupportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithmsTLS12
+
 func init() {
-	// TLS 1.3 is opt-in for Go 1.12, but we want to run most tests with it enabled.
-	// TestTLS13Switch below tests the disabled behavior. See Issue 30055.
+	// TLS 1.3 is opt-in for Go 1.12, and RSA-PSS is disabled in TLS 1.2, but we
+	// want to run most tests with both enabled. TestTLS13Switch below and the
+	// "PSS-Disabled" recordings test the disabled behavior. See Issue 30055.
 	tls13Support.Do(func() {}) // defuse the sync.Once
 	tls13Support.cached = true
+	supportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithms
 }

 var rsaCertPEM = `-----BEGIN CERTIFICATE-----