crypto/tls: back RSA-PSS out of TLS 1.2 in Go 1.13 #32425
8834353 enabled RSA-PSS in TLS 1.2 again. Unfortunately, there are broken
TLS 1.3 requires RSA-PSS, so there is no way around ripping this band-aid off, but partially because of this TLS 1.3 was opt-in in Go 1.12 and is opt-out in Go 1.13 (#30055). RSA-PSS in TLS 1.2 would just be enabled with no way to turn it off, and both adding another
What finally tipped the scale is that #28660 provides a nice way for code to opt out of RSA-PSS in TLS 1.2 if needed. Let's wait to force RSA-PSS in TLS 1.2 until Go 1.14, when TLS 1.3 is also forced on, and there is a code path to disabling it.