Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: advertise SHA512/RSA in SignatureHashAlgorithm #22422

Closed
donutmonger opened this issue Oct 24, 2017 · 4 comments
Closed

crypto/tls: advertise SHA512/RSA in SignatureHashAlgorithm #22422

donutmonger opened this issue Oct 24, 2017 · 4 comments

Comments

@donutmonger
Copy link

@donutmonger donutmonger commented Oct 24, 2017

This issue relates to #9757

What version of Go are you using (go version)?

go 1.8.3

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

Windows, x64

What did you do?

Tried to connect to SQL Server with go-mssql library with TLS 1.2. SQL server has a signed certificate using SHA512/RSA signature algorithm.

What did you expect to see?

Expect the communication to succeed.

What did you see instead?

Handshake fails with TLS Handshake failed: Cannot read handshake packet: EOF

The handshake failure is due to SQL server closing the connection because the signature algorithm SHA512/RSA is not in the list of supported signature algorithms in the tls library sent in the ClientHello message. The list of supported signature algorithms currently is defined here: https://github.com/golang/go/blob/master/src/crypto/tls/common.go#L139

Interestingly enough the tls library does work with SHA512/RSA if SQL server is configured to use TLS 1.1 where the server basically gets to choose which signature algorithm it uses (decided by the SSL certificate) and it is up to the client to reject an unknown signature algorithm.

Because the tls library works with SHA512/RSA it should advertise that as a supported signature algorithm.

@tombergan

This comment has been minimized.

Copy link
Contributor

@tombergan tombergan commented Oct 24, 2017

@FiloSottile

This comment has been minimized.

Copy link
Member

@FiloSottile FiloSottile commented Oct 31, 2017

This is precisely #9757 with SHA-512 instead of SHA-384.

We already support SHA-512 certs since they require the same package as SHA-384 (b53bb2c), so we might as well advertise PKCS1WithSHA512 and ECDSAWithP521AndSHA512.

See 09b238f for background.

@FiloSottile

This comment has been minimized.

Copy link
Member

@FiloSottile FiloSottile commented Nov 1, 2017

This required adding support for SHA-512 signatures on CertificateVerify and ServerKeyExchange messages, because of the signatureAndHash extension overloading, which I'm not enthusiastic about.

To @agl for decision.

@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Nov 1, 2017

Change https://golang.org/cl/74950 mentions this issue: crypto/tls: advertise support for SHA-512 signatures in 1.2

@gopherbot gopherbot closed this in 96cd66b Nov 8, 2017
FiloSottile added a commit to FiloSottile/go that referenced this issue Oct 12, 2018
This is the equivalent change to 1c10598 but for SHA-512.

SHA-512 certificates are already supported by default since b53bb2c,
but some servers will refuse connections if the algorithm is not
advertised in the overloaded signatureAndHash extension (see 09b238f).

This required adding support for SHA-512 signatures on CertificateVerify
and ServerKeyExchange messages, because of said overloading.

Some testdata/Client-TLSv1{0,1} files changed because they send a 1.2
ClientHello even if the server picks a lower version.

Closes golang#22422

Change-Id: I16282d03a3040260d203711ec21e6b20a0e1e105
Reviewed-on: https://go-review.googlesource.com/74950
Run-TryBot: Filippo Valsorda <hi@filippo.io>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
FiloSottile added a commit to FiloSottile/go that referenced this issue Oct 12, 2018
This is the equivalent change to 1c10598 but for SHA-512.

SHA-512 certificates are already supported by default since b53bb2c,
but some servers will refuse connections if the algorithm is not
advertised in the overloaded signatureAndHash extension (see 09b238f).

This required adding support for SHA-512 signatures on CertificateVerify
and ServerKeyExchange messages, because of said overloading.

Some testdata/Client-TLSv1{0,1} files changed because they send a 1.2
ClientHello even if the server picks a lower version.

Closes golang#22422

Change-Id: I16282d03a3040260d203711ec21e6b20a0e1e105
Reviewed-on: https://go-review.googlesource.com/74950
Run-TryBot: Filippo Valsorda <hi@filippo.io>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
@golang golang locked and limited conversation to collaborators Nov 8, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.