proposal: crypto/tls: disable SHA-1 signature algorithms in TLS 1.2 #72883
In TLS 1.2, we still advertise and select (as the final preference) SHA-1 signature algorithms, rsa_pkcs1_sha1 and ecdsa_sha1. (In TLS 1.3 we reject them. In TLS 1.0 they are the only option.)
RFC 9155 made rejecting them a MUST, and we're overdue anyway.
I propose we implement RFC 9155 and remove support for SHA-1 signature algorithms in TLS 1.2.
The GODEBUG setting `tlssha1=1` can be used to revert to the previous behavior.

/cc @golang/security
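An added example, not part of the proposal or of Go's implementation: a server-side audit hook that classifies the signature algorithms each client advertises, to gauge which peers still depend on rsa_pkcs1_sha1 or ecdsa_sha1 before the removal takes effect. `Verdict`, `Classify` and `WithAudit` are hypothetical names; an empty list means the client sent no signature_algorithms extension, which RFC 5246 section 7.4.1.4.1 treats as an implicit SHA-1 default.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Verdict labels are hypothetical names chosen for this example.
type Verdict string

const (
	NoSHA1       Verdict = "no-sha1"       // unaffected by the removal
	SHA1Fallback Verdict = "sha1-fallback" // SHA-1 plus stronger schemes
	SHA1Only     Verdict = "sha1-only"     // nothing left without SHA-1
	NoExtension  Verdict = "no-extension"  // signature_algorithms not sent
)

// Classify inspects the schemes a client advertised in its ClientHello.
func Classify(schemes []tls.SignatureScheme) Verdict {
	if len(schemes) == 0 {
		return NoExtension
	}
	var sha1, other bool
	for _, s := range schemes {
		legacy := s == tls.PKCS1WithSHA1 || s == tls.ECDSAWithSHA1
		sha1, other = sha1 || legacy, other || !legacy
	}
	switch {
	case !sha1:
		return NoSHA1
	case !other:
		return SHA1Only
	}
	return SHA1Fallback
}

// WithAudit copies base and reports each client's verdict before the handshake proceeds.
func WithAudit(base *tls.Config, report func(sni string, v Verdict)) *tls.Config {
	cfg := base.Clone()
	cfg.GetConfigForClient = func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
		report(chi.ServerName, Classify(chi.SignatureSchemes))
		return nil, nil // nil config: the handshake keeps using cfg
	}
	return cfg
}

func main() {
	// Constructed scheme list, not captured traffic.
	fmt.Println(Classify([]tls.SignatureScheme{tls.PSSWithSHA256, tls.PKCS1WithSHA1}))
}
```

Clients reported as `sha1-only` or `no-extension` are the ones to follow up on before relying on the new default.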