crypto/tls: back RSA-PSS out of TLS 1.2 in Go 1.13 #32425
Labels
FrozenDueToAge
NeedsFix
The path to resolution is known, but the work has not been done.
release-blocker
Milestone
8834353 enabled again RSA-PSS in TLS 1.2. Unfortunately, there are broken
crypto.Signer
implementations out there that do the wrong thing when asked to generate RSA-PSS signatures.TLS 1.3 requires RSA-PSS, so there is no way around ripping this band-aid off, but partially because of this TLS 1.3 was opt-in in Go 1.12 and is opt-out in Go 1.13 (#30055). RSA-PSS in TLS 1.2 would just be enabled with no way to turn it off, and both adding another
GODEBUG
option, or makingGODEBUG=tls13=0
impact TLS 1.2 feel wrong.What finally tipped the scale is that #28660 provides a nice way for code to opt-out of RSA-PSS in TLS 1.2 if needed. Let's wait to force RSA-PSS in TLS 1.2 until Go 1.14, when TLS 1.3 is also forced on, and there is a code path to disabling it.
/cc @agl @rsc
The text was updated successfully, but these errors were encountered: