crypto/tls: Expose signature_algorithms in ClientHelloInfo #15200

Closed
titanous opened this issue Apr 8, 2016 · 3 comments

titanous (Member) commented Apr 8, 2016

The signature_algorithms extension is provided in the TLS 1.2 ClientHello and could be used with the existing GetCertificate hook to choose between certificate chains with RSA and ECDSA signatures if exposed in ClientHelloInfo.

/cc @agl

bradfitz added this to the Unplanned milestone Apr 9, 2016

agl (Contributor) commented Apr 11, 2016

You don't need to look at signature_algorithms because ClientHelloInfo already includes the offered cipher suites, curves and point formats.

agl closed this as completed Apr 11, 2016

agl (Contributor) commented Apr 11, 2016

(To elaborate, TLS cipher suites specify the certificate format too. So an …_ECDSA_… cipher suite has to use an ECDSA certificate. The crypto/tls code is smart enough not to try and select an RSA cipher suite if you hand it an ECDSA certificate.)

titanous (Member, Author) commented

Makes sense, thanks!

golang locked and limited conversation to collaborators Apr 12, 2017
rsc unassigned agl Jun 23, 2022
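
The selection agl describes in the thread above, written as a GetCertificate hook. This is an added example, not code from the issue or from crypto/tls; `offersECDSA` and `chooseCert` are hypothetical helper names, and the certificates and ClientHello values are constructed placeholders.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// offersECDSA reports whether the ClientHello lists at least one cipher suite
// whose name contains "_ECDSA_", i.e. one that requires an ECDSA certificate.
// TLS 1.3 suites carry no certificate type in their name and never match.
func offersECDSA(hello *tls.ClientHelloInfo) bool {
	for _, id := range hello.CipherSuites {
		if strings.Contains(tls.CipherSuiteName(id), "_ECDSA_") {
			return true
		}
	}
	return false
}

// chooseCert returns a GetCertificate hook (hypothetical helper) that serves
// ecdsaCert to clients offering an ECDSA suite and rsaCert to everyone else.
func chooseCert(rsaCert, ecdsaCert *tls.Certificate) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		if offersECDSA(hello) {
			return ecdsaCert, nil
		}
		return rsaCert, nil
	}
}

func main() {
	// Placeholder chains; a real server would load these with tls.LoadX509KeyPair.
	rsaCert, ecdsaCert := &tls.Certificate{}, &tls.Certificate{}
	cfg := &tls.Config{GetCertificate: chooseCert(rsaCert, ecdsaCert)}

	// Constructed ClientHellos: one RSA-only client and one that also offers ECDSA.
	hellos := map[string]*tls.ClientHelloInfo{
		"rsa-only": {CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_RSA_WITH_AES_128_CBC_SHA}},
		"modern":   {CipherSuites: []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}},
	}
	for name, hello := range hellos {
		cert, _ := cfg.GetCertificate(hello)
		fmt.Printf("%s -> ECDSA chain: %v\n", name, cert == ecdsaCert)
	}
}
```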