author | Roland Shoemaker <roland@golang.org> | 2021-02-02 12:58:30 -0800 |
---|---|---|
committer | Roland Shoemaker <roland@golang.org> | 2021-05-06 18:57:43 +0000 |
commit | 90d6bbbe42c15d444c1da0a1c293192d6f735a8e (patch) | |
tree | ed1ccd1bafdb9f69cd48af825d2e5034742fcf7e /doc | |
parent | 402f177efc5d03c11ac6fd25ebd1f42b0b7ec30c (diff) | |
crypto/tls: enforce ALPN overlap when negotiated on both sides

During the TLS handshake if the server doesn't support any of the
application protocols requested by the client, send the
no_application_protocol alert and abort the handshake on the server
side. This enforces the requirements of RFC 7301.

Change-Id: Iced2bb5c6efc607497de1c40ee3de9c2b393fa5d
Reviewed-on: https://go-review.googlesource.com/c/go/+/289209
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/go1.17.html | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/go1.17.html b/doc/go1.17.html index 9328211c9a..f317006278 100644 --- a/doc/go1.17.html +++ b/doc/go1.17.html @@ -216,6 +216,13 @@ Do not send CLs removing the interior tags from such phrases. has no effect. </p> +<p><!-- CL 289209 --> + When <a href="/pkg/crypto/tls#Config">Config.NextProtos</a> is set, servers now + enforce that there is an overlap between the configured protocols and the protocols + advertised by the client, if any. If there is no overlap the connection is closed + with the <code>no_application_protocol</code> alert, as required by RFC 7301. +</p> + <h3 id="runtime/cgo"><a href="/pkg/runtime/cgo">Cgo</a></h3> <p> |
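Review bot: The trailing "if any" in the added paragraph is ambiguous about what it qualifies. Going by the commit subject ("when negotiated on both sides"), it is meant to say that a client advertising no protocols is not subject to the check, so consider stating that as its own sentence instead of leaving it as a trailing clause. The paragraph also says the connection "is closed", while the commit message says the server aborts the handshake; using the handshake wording would make it clearer to operators that the failure surfaces as a handshake error on both ends. Finally, RFC 7301 is named without a link, while Config.NextProtos in the same paragraph is linked; linking the RFC would be consistent.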