diff options
Diffstat (limited to 'src/crypto/tls/common.go')
-rw-r--r-- | src/crypto/tls/common.go | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go index 646b107958..74e75321ac 100644 --- a/src/crypto/tls/common.go +++ b/src/crypto/tls/common.go @@ -133,11 +133,11 @@ const ( signatureECDSA uint8 = 3 ) -// supportedSignatureAlgorithms contains the signature and hash algorithms that +// defaultSupportedSignatureAlgorithms contains the signature and hash algorithms that // the code advertises as supported in a TLS 1.2 ClientHello and in a TLS 1.2 // CertificateRequest. The two fields are merged to match with TLS 1.3. // Note that in TLS 1.2, the ECDSA algorithms are not constrained to P-256, etc. -var supportedSignatureAlgorithms = []SignatureScheme{ +var defaultSupportedSignatureAlgorithms = []SignatureScheme{ PKCS1WithSHA256, ECDSAWithP256AndSHA256, PKCS1WithSHA384, @@ -659,6 +659,9 @@ func (c *Config) time() time.Time { } func (c *Config) cipherSuites() []uint16 { + if needFIPS() { + return fipsCipherSuites(c) + } s := c.CipherSuites if s == nil { s = defaultCipherSuites() @@ -667,6 +670,9 @@ func (c *Config) cipherSuites() []uint16 { } func (c *Config) minVersion() uint16 { + if needFIPS() { + return fipsMinVersion(c) + } if c == nil || c.MinVersion == 0 { return minVersion } @@ -674,6 +680,9 @@ func (c *Config) minVersion() uint16 { } func (c *Config) maxVersion() uint16 { + if needFIPS() { + return fipsMaxVersion(c) + } if c == nil || c.MaxVersion == 0 { return maxVersion } @@ -683,6 +692,9 @@ func (c *Config) maxVersion() uint16 { var defaultCurvePreferences = []CurveID{X25519, CurveP256, CurveP384, CurveP521} func (c *Config) curvePreferences() []CurveID { + if needFIPS() { + return fipsCurvePreferences(c) + } if c == nil || len(c.CurvePreferences) == 0 { return defaultCurvePreferences } |