dev.boringcrypto: crypto/tls: in boring.go, RSA key sizes restricted to 2048 and 3072 #41147
Is there a reason why the IsBoringCertificate() check would not allow RSA key sizes > 3072?
Specifically, I am trying to establish a TLS connection to a corporate server that has an intermediate CA whose key size is 4096 and it throws:
Seems like this was recently discussed in golang-nuts (https://groups.google.com/g/golang-nuts/c/DbzPtRDtVgQ) but I found no open issue here.
Having looked into this, it doesn't appear that allowing other modulus sizes is strictly compliant with the current validation. However, future validations can be updated to take advantage of the increased flexibility now allowed by the IG. We expect to do this, but have no timelines to announce and do not currently have a revalidation in progress.
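To find which certificate in a chain trips the restriction named in the issue title, the following added example (not code from the Go project or from this thread) flags every RSA certificate whose modulus is not 2048 or 3072 bits. The names `auditRSAChain`, `fakeCert` and `sampleChain` are hypothetical, and the sample chain is constructed to mirror the report of a 4096-bit intermediate CA.

```go
package main

import (
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// Finding is one certificate whose RSA modulus size is outside {2048, 3072}.
type Finding struct {
	Index   int    // position in the chain, 0 = leaf
	Subject string // subject common name
	Bits    int    // RSA modulus size in bits
}

// auditRSAChain applies the size rule from the issue title to each RSA key.
// Non-RSA keys are skipped here, not judged.
func auditRSAChain(chain []*x509.Certificate) []Finding {
	var out []Finding
	for i, c := range chain {
		k, ok := c.PublicKey.(*rsa.PublicKey)
		if !ok || k.N == nil {
			continue
		}
		if bits := k.N.BitLen(); bits != 2048 && bits != 3072 {
			out = append(out, Finding{i, c.Subject.CommonName, bits})
		}
	}
	return out
}

// fakeCert builds a constructed stub whose modulus is 2^(bits-1)+1: not a
// usable key, only its bit length matters for this check.
func fakeCert(cn string, bits int) *x509.Certificate {
	n := new(big.Int).Lsh(big.NewInt(1), uint(bits-1))
	n.Add(n, big.NewInt(1))
	return &x509.Certificate{Subject: pkix.Name{CommonName: cn}, PublicKey: &rsa.PublicKey{N: n, E: 65537}}
}

// sampleChain is constructed input: leaf, 4096-bit intermediate, root.
func sampleChain() []*x509.Certificate {
	return []*x509.Certificate{fakeCert("leaf.example", 2048),
		fakeCert("Example Intermediate CA", 4096), fakeCert("Example Root CA", 3072)}
}

func main() {
	for _, f := range auditRSAChain(sampleChain()) {
		fmt.Printf("chain[%d] %q: RSA-%d not in {2048, 3072}\n", f.Index, f.Subject, f.Bits)
	}
}
```

Against a real server, pass the `PeerCertificates` slice from a `tls.ConnectionState` obtained in a non-restricted build instead of `sampleChain()`.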