crypto/tls: Expose signature_algorithms in ClientHelloInfo #15200

Closed
titanous opened this issue Apr 8, 2016 · 3 comments

titanous (Member) commented Apr 8, 2016

The signature_algorithms extension is provided in the TLS 1.2 ClientHello and could be used with the existing GetCertificate hook to choose between certificate chains with RSA and ECDSA signatures if exposed in ClientHelloInfo.

/cc @agl

@bradfitz bradfitz added this to the Unplanned milestone Apr 9, 2016

agl (Contributor) commented Apr 11, 2016

You don't need to look at signature_algorithms because ClientHelloInfo already includes the offered cipher suites, curves and point formats.

@agl agl closed this Apr 11, 2016

agl (Contributor) commented Apr 11, 2016

(To elaborate, TLS cipher suites specify the certificate format too. So an …_ECDSA_… cipher suite has to use an ECDSA certificate. The crypto/tls code is smart enough not to try and select an RSA cipher suite if you hand it an ECDSA certificate.)

titanous (Member, Author) commented Apr 12, 2016

Makes sense, thanks!

@golang golang locked and limited conversation to collaborators Apr 12, 2017
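
The selection described in this thread, as an added example (not code from the issue or from crypto/tls): a GetCertificate hook that returns the ECDSA chain only when the ClientHello offers an …_ECDSA_… cipher suite and a usable curve, and otherwise falls back to RSA. The `certSelector` type and its helpers are hypothetical, the ECDSA key is assumed to be P-256, and `tls.CipherSuiteName` requires Go 1.14 or later; the suite-name check applies to TLS 1.2 and earlier, where the cipher suite names the certificate type.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"strings"
)

// certSelector (hypothetical helper) holds one chain per key type; ecdsa is assumed to use P-256.
type certSelector struct{ rsa, ecdsa *tls.Certificate }

// offersECDSA reports whether the client offered any ..._ECDSA_... cipher suite.
func offersECDSA(h *tls.ClientHelloInfo) bool {
	for _, id := range h.CipherSuites {
		if strings.Contains(tls.CipherSuiteName(id), "_ECDSA_") {
			return true
		}
	}
	return false
}

// supportsCurve treats an absent supported-curves list as "no restriction".
func supportsCurve(h *tls.ClientHelloInfo, want tls.CurveID) bool {
	ok := len(h.SupportedCurves) == 0
	for _, c := range h.SupportedCurves {
		ok = ok || c == want
	}
	return ok
}

// GetCertificate matches the signature of the tls.Config.GetCertificate hook.
func (s *certSelector) GetCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
	if s.ecdsa != nil && offersECDSA(h) && supportsCurve(h, tls.CurveP256) {
		return s.ecdsa, nil
	}
	if s.rsa == nil {
		return nil, errors.New("no certificate chain usable by this client")
	}
	return s.rsa, nil
}

func main() {
	// Constructed input: empty placeholder chains (real ones come from tls.LoadX509KeyPair) and an RSA-only ClientHello.
	sel := &certSelector{rsa: &tls.Certificate{}, ecdsa: &tls.Certificate{}}
	h := &tls.ClientHelloInfo{CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}}
	c, err := (&tls.Config{GetCertificate: sel.GetCertificate}).GetCertificate(h)
	fmt.Println("RSA chain selected:", c == sel.rsa, "err:", err)
}
```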