crypto/tls: TLS Handshake Error #6618
Alex, I was able to reproduce the aforementioned issue with one of our public-facing sites. I have posted the new code @ http://play.golang.org/p/bdPEe4_QXA
Thank you very much. I can see it broken by https://golang.org/cl/10762044/. It breaks at the very start of negotiation - your server's first packet is an error. I don't know enough about this. Let's wait for agl. Alex
The problem here is that, although the server calculates the handshake hash with SHA256 and doesn't actually need to implement signing at all, it aborts the connection if the client only supports SHA256 signatures. Should be fixed by https://golang.org/cl/15650043/, which is pending review. Owner changed to @agl. Status changed to Started.
This issue was closed by revision efed6f9. Status changed to Fixed.
adg added a commit that referenced this issue May 11, 2015
…TLS 1.2 handshake. ««« CL 15650043 / 29d3ab5ced5a crypto/tls: advertise support for RSA+SHA1 in TLS 1.2 handshake. Despite SHA256 support being required for TLS 1.2 handshakes, some servers are aborting handshakes that don't offer SHA1 support. This change adds support for signing TLS 1.2 ServerKeyExchange messages with SHA1. It does not add support for signing TLS 1.2 client certificates with SHA1 as that would require the handshake to be buffered. Fixes #6618. R=golang-dev, r CC=golang-dev https://golang.org/cl/15650043 »»» R=golang-dev CC=golang-dev https://golang.org/cl/20570043
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
Despite SHA256 support being required for TLS 1.2 handshakes, some servers are aborting handshakes that don't offer SHA1 support. This change adds support for signing TLS 1.2 ServerKeyExchange messages with SHA1. It does not add support for signing TLS 1.2 client certificates with SHA1 as that would require the handshake to be buffered. Fixes golang#6618. R=golang-dev, r CC=golang-dev https://golang.org/cl/15650043
This issue was closed.
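The thread turns on which hash/signature pairs the client lists in its TLS 1.2 `signature_algorithms` extension. The Go snippet below is an added example, not code from this issue or from crypto/tls: it decodes that extension body so you can check whether RSA+SHA1 is offered. The function names and the two sample byte strings are constructed for illustration; the code points are those of RFC 5246, section 7.4.1.4.1.

```go
package main

import "fmt"

// TLS 1.2 HashAlgorithm and SignatureAlgorithm code points (RFC 5246, 7.4.1.4.1).
const (
	hashSHA1, hashSHA256 = 2, 4
	sigRSA, sigECDSA     = 1, 3
)

// SigAndHash is one (hash, signature) pair (hypothetical helper type).
type SigAndHash struct{ Hash, Sig uint8 }

// ParseSigAlgs decodes a signature_algorithms extension body: a 2-byte
// big-endian length followed by that many bytes of (hash, signature) pairs.
func ParseSigAlgs(ext []byte) ([]SigAndHash, error) {
	if len(ext) < 2 {
		return nil, fmt.Errorf("extension body too short: %d bytes", len(ext))
	}
	n := int(ext[0])<<8 | int(ext[1])
	if n == 0 || n%2 != 0 || n != len(ext)-2 {
		return nil, fmt.Errorf("bad list length %d for %d-byte body", n, len(ext))
	}
	pairs := make([]SigAndHash, 0, n/2)
	for i := 2; i < len(ext); i += 2 {
		pairs = append(pairs, SigAndHash{ext[i], ext[i+1]})
	}
	return pairs, nil
}

// Offers reports whether the client advertised the given pair.
func Offers(pairs []SigAndHash, hash, sig uint8) bool {
	for _, p := range pairs {
		if p.Hash == hash && p.Sig == sig {
			return true
		}
	}
	return false
}

// Constructed sample extension bodies (not captured traffic).
var sha256Only = []byte{0x00, 0x04, 0x04, 0x01, 0x04, 0x03}
var withSHA1 = []byte{0x00, 0x06, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01}

func main() {
	for _, ext := range [][]byte{sha256Only, withSHA1} {
		pairs, err := ParseSigAlgs(ext)
		fmt.Println(pairs, err, "RSA+SHA1 offered:", Offers(pairs, hashSHA1, sigRSA))
	}
}
```

Running the same decoder over the extension bytes from a packet capture of a failing handshake shows whether the peer is seeing a SHA256-only offer.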