A (weird, non-Go) client that prefers PSSWithSHA512 (minimum key size 1040 bits) but supports PSSWithSHA256 (minimum key size 528 bits) would fail to connect to a Go server with a certificate with a 1024 bit key.
We should refuse to negotiate parameters that we already know are not supported by the certificate key.
A (weird, non-Go) client that prefers
PSSWithSHA512
(minimum key size 1040 bits) but supportsPSSWithSHA256
(minimum key size 528 bits) would fail to connect to a Go server with a certificate with a 1024 bit key.We should refuse to negotiate parameters that we already know are not supported by the certificate key.
See #29779 (comment)
The text was updated successfully, but these errors were encountered: