Rietveld Code Review Tool

Issue 15650043: code review 15650043: crypto/tls: advertise support for RSA+SHA1 in TLS 1.2 h... (Closed)

Created: 10 years, 6 months ago by agl1
Modified: 10 years, 6 months ago
Reviewers: r
CC: golang-dev, r
Visibility: Public.

Description

crypto/tls: advertise support for RSA+SHA1 in TLS 1.2 handshake.

Despite SHA256 support being required for TLS 1.2 handshakes, some servers are aborting handshakes that don't offer SHA1 support.

This change adds support for signing TLS 1.2 ServerKeyExchange messages with SHA1. It does not add support for signing TLS 1.2 client certificates with SHA1 as that would require the handshake to be buffered.

Fixes issue 6618.

Patch Set 1 #

Patch Set 2 : diff -r 6752a7aad603 https://code.google.com/p/go/ #

Patch Set 3 : diff -r 6752a7aad603 https://code.google.com/p/go/ #

Total comments: 2

Patch Set 4 : diff -r 6752a7aad603 https://code.google.com/p/go/ #

Stats: +218 lines, -157 lines
M src/pkg/crypto/tls/common.go (1 chunk, +12 lines, -3 lines, 0 comments)
M src/pkg/crypto/tls/handshake_client.go (1 chunk, +1 line, -1 line, 0 comments)
M src/pkg/crypto/tls/handshake_client_test.go (5 chunks, +141 lines, -141 lines, 0 comments)
M src/pkg/crypto/tls/handshake_messages_test.go (1 chunk, +1 line, -1 line, 0 comments)
M src/pkg/crypto/tls/handshake_server.go (1 chunk, +1 line, -1 line, 0 comments)
M src/pkg/crypto/tls/key_agreement.go (5 chunks, +62 lines, -10 lines, 0 comments)

Messages

Total messages: 3
agl1
Hello golang-dev@googlegroups.com (cc: golang-dev@googlegroups.com), I'd like you to review this change to https://code.google.com/p/go/
10 years, 6 months ago (2013-10-21 18:00:48 UTC) #1
r
LGTM you can s/s/z/ in the CL too if you're so inclined https://codereview.appspot.com/15650043/diff/50001/src/pkg/crypto/tls/key_agreement.go File src/pkg/crypto/tls/key_agreement.go ...
10 years, 6 months ago (2013-10-21 18:18:59 UTC) #2
agl1
10 years, 6 months ago (2013-10-21 20:35:29 UTC) #3
*** Submitted as https://code.google.com/p/go/source/detail?r=29d3ab5ced5a ***

crypto/tls: advertise support for RSA+SHA1 in TLS 1.2 handshake.

Despite SHA256 support being required for TLS 1.2 handshakes, some
servers are aborting handshakes that don't offer SHA1 support.

This change adds support for signing TLS 1.2 ServerKeyExchange messages
with SHA1. It does not add support for signing TLS 1.2 client
certificates with SHA1 as that would require the handshake to be
buffered.

Fixes issue 6618.

R=golang-dev, r
CC=golang-dev
https://codereview.appspot.com/15650043

https://codereview.appspot.com/15650043/diff/50001/src/pkg/crypto/tls/key_agr...
File src/pkg/crypto/tls/key_agreement.go (right):

https://codereview.appspot.com/15650043/diff/50001/src/pkg/crypto/tls/key_agr...
src/pkg/crypto/tls/key_agreement.go:141: // advertised list of supported
signature and hash combinations.
On 2013/10/21 18:18:59, r wrote:
> advertized sted advertised

Done.
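The negotiation the change description refers to, as an added example that is not code from this CL or from crypto/tls: a server with an RSA key parses the peer's advertised signature and hash combinations and picks the hash for signing ServerKeyExchange, preferring SHA256 and falling back to SHA1. The names `sigAndHash`, `parseSigAlgs` and `pickHash` are hypothetical, the code points are those of RFC 5246, and the wire bytes are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// HashAlgorithm and SignatureAlgorithm code points from RFC 5246, 7.4.1.4.1.
const hashSHA1, hashSHA256, sigRSA uint8 = 2, 4, 1

// sigAndHash is one (hash, signature) pair; the type name is hypothetical.
type sigAndHash struct{ hash, sig uint8 }

// parseSigAlgs decodes a 2-byte length followed by (hash, signature) pairs
// and rejects empty, odd-length or length-mismatched lists.
func parseSigAlgs(b []byte) ([]sigAndHash, error) {
	if len(b) < 4 || len(b)%2 != 0 || int(b[0])<<8|int(b[1]) != len(b)-2 {
		return nil, errors.New("malformed signature_algorithms list")
	}
	var algs []sigAndHash
	for i := 2; i < len(b); i += 2 {
		algs = append(algs, sigAndHash{b[i], b[i+1]})
	}
	return algs, nil
}

// pickHash chooses the hash for an RSA-signed ServerKeyExchange: SHA256 if
// the peer offered it, otherwise SHA1. A nil list means the peer sent no
// extension, which RFC 5246 treats as offering only SHA1 with RSA.
func pickHash(peer []sigAndHash) (uint8, error) {
	if len(peer) == 0 {
		peer = []sigAndHash{{hashSHA1, sigRSA}}
	}
	for _, want := range []uint8{hashSHA256, hashSHA1} {
		for _, p := range peer {
			if p.sig == sigRSA && p.hash == want {
				return want, nil
			}
		}
	}
	return 0, errors.New("no mutually supported signature/hash pair")
}

func main() {
	// Constructed list: RSA+SHA256 followed by RSA+SHA1.
	peer, _ := parseSigAlgs([]byte{0, 4, 4, 1, 2, 1})
	h, err := pickHash(peer)
	fmt.Println(h, err)
}
```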
