-
Notifications
You must be signed in to change notification settings - Fork 17.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: don't negotiate RSA-PSS algorithms that are too big for our key #29793
Labels
Milestone
Comments
FiloSottile
added
NeedsFix
The path to resolution is known, but the work has not been done.
release-blocker
labels
Jan 17, 2019
Change https://golang.org/cl/205177 mentions this issue: |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
A (weird, non-Go) client that prefers
PSSWithSHA512
(minimum key size 1040 bits) but supportsPSSWithSHA256
(minimum key size 528 bits) would fail to connect to a Go server with a certificate with a 1024 bit key.We should refuse to negotiate parameters that we already know are not supported by the certificate key.
See #29779 (comment)
The text was updated successfully, but these errors were encountered: