Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: advertise SHA512/RSA in SignatureHashAlgorithm #22422

Closed
dev-rice opened this issue Oct 24, 2017 · 4 comments
Closed

crypto/tls: advertise SHA512/RSA in SignatureHashAlgorithm #22422

dev-rice opened this issue Oct 24, 2017 · 4 comments
Labels
FrozenDueToAge

Comments

@dev-rice
Copy link

This issue relates to #9757

What version of Go are you using (go version)?

go 1.8.3

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

Windows, x64

What did you do?

Tried to connect to SQL Server with go-mssql library with TLS 1.2. SQL server has a signed certificate using SHA512/RSA signature algorithm.

What did you expect to see?

Expect the communication to succeed.

What did you see instead?

Handshake fails with TLS Handshake failed: Cannot read handshake packet: EOF

The handshake failure is due to SQL server closing the connection because the signature algorithm SHA512/RSA is not in the list of supported signature algorithms in the tls library sent in the ClientHello message. The list of supported signature algorithms currently is defined here: https://github.com/golang/go/blob/master/src/crypto/tls/common.go#L139

Interestingly enough the tls library does work with SHA512/RSA if SQL server is configured to use TLS 1.1 where the server basically gets to choose which signature algorithm it uses (decided by the SSL certificate) and it is up to the client to reject an unknown signature algorithm.

Because the tls library works with SHA512/RSA it should advertise that as a supported signature algorithm.
@tombergan
Copy link
Contributor

/cc @FiloSottile

@FiloSottile
Copy link
Contributor

This is precisely #9757 with SHA-512 instead of SHA-384.

We already support SHA-512 certs since they require the same package as SHA-384 (b53bb2c), so we might as well advertise PKCS1WithSHA512 and ECDSAWithP521AndSHA512.

See 09b238f for background.

@FiloSottile
Copy link
Contributor

This required adding support for SHA-512 signatures on CertificateVerify and ServerKeyExchange messages, because of the signatureAndHash extension overloading, which I'm not enthusiastic about.

To @agl for decision.

@gopherbot
Copy link

Change https://golang.org/cl/74950 mentions this issue: crypto/tls: advertise support for SHA-512 signatures in 1.2

@kpschuck kpschuck mentioned this issue May 10, 2018
Merged
FiloSottile added a commit to FiloSottile/go that referenced this issue Oct 12, 2018
@FiloSottile @agl
crypto/tls: advertise support for SHA-512 signatures in 1.2
ca44103 
This is the equivalent change to 1c10598 but for SHA-512.

SHA-512 certificates are already supported by default since b53bb2c,
but some servers will refuse connections if the algorithm is not
advertised in the overloaded signatureAndHash extension (see 09b238f).

This required adding support for SHA-512 signatures on CertificateVerify
and ServerKeyExchange messages, because of said overloading.

Some testdata/Client-TLSv1{0,1} files changed because they send a 1.2
ClientHello even if the server picks a lower version.

Closes golang#22422

Change-Id: I16282d03a3040260d203711ec21e6b20a0e1e105
Reviewed-on: https://go-review.googlesource.com/74950
Run-TryBot: Filippo Valsorda <hi@filippo.io>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
FiloSottile added a commit to FiloSottile/go that referenced this issue Oct 12, 2018
@FiloSottile @agl
crypto/tls: advertise support for SHA-512 signatures in 1.2
64bffb7 
This is the equivalent change to 1c10598 but for SHA-512.

SHA-512 certificates are already supported by default since b53bb2c,
but some servers will refuse connections if the algorithm is not
advertised in the overloaded signatureAndHash extension (see 09b238f).

This required adding support for SHA-512 signatures on CertificateVerify
and ServerKeyExchange messages, because of said overloading.

Some testdata/Client-TLSv1{0,1} files changed because they send a 1.2
ClientHello even if the server picks a lower version.

Closes golang#22422

Change-Id: I16282d03a3040260d203711ec21e6b20a0e1e105
Reviewed-on: https://go-review.googlesource.com/74950
Run-TryBot: Filippo Valsorda <hi@filippo.io>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
@golang golang locked and limited conversation to collaborators Nov 8, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@FiloSottile @dev-rice @gopherbot @tombergan