proposal: crypto/tls: Allow setting SignatureSchemes in Config #43549

Closed
klausenbusk opened this issue Jan 6, 2021 · 4 comments
Labels
FrozenDueToAge Proposal Proposal-Crypto Proposal related to crypto packages or other security issues

@klausenbusk

There is currently no easy way to set SignatureSchemes when using crypto/tls as a client. I assume we could just add SignatureSchemes to Config.

I need this feature, so I can monitor both RSA and ECDSA certificates when the TLS server (HTTPS in this case) is offering both. Relevant issue: prometheus/blackbox_exporter#731.

@gopherbot gopherbot added this to the Proposal milestone Jan 6, 2021
@ianlancetaylor ianlancetaylor added this to Incoming in Proposals (old) Jan 6, 2021
@ianlancetaylor ianlancetaylor added the Proposal-Crypto Proposal related to crypto packages or other security issues label Jan 6, 2021
@rsc
Contributor

rsc commented Jan 13, 2021

/cc @FiloSottile

@FiloSottile
Contributor

Sorry, but we don't add options to crypto/tls that are only useful for diagnostic tools. As far as I know, applications have no reason to have preferences on signature algorithms, so we can make that selection for them.

@klausenbusk
Author

> Sorry, but we don't add options to crypto/tls that are only useful for diagnostic tools.

That kinda makes sense, but what are my options then? I need to monitor both certificates and for that I need SignatureSchemes support. Fork crypto/tls? Create my own TLS library? Create a bash script which runs openssl?

@FiloSottile
Contributor

Forks are the usual solution to this. There are already a few that might work for you, like github.com/zmap/zcrypto/tls.

@ianlancetaylor ianlancetaylor removed this from Incoming in Proposals (old) Mar 22, 2021
@golang golang locked and limited conversation to collaborators Jan 15, 2022