Diffstat (limited to 'src/crypto/tls/common.go')
-rw-r--r-- | src/crypto/tls/common.go | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index de833a9056..ac3176dd02 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -145,10 +145,10 @@ type signatureAndHash struct {
 hash, signature uint8
 }
 
-// supportedSignatureAlgorithms contains the signature and hash algorithms that
+// defaultSupportedSignatureAlgorithms contains the signature and hash algorithms that
 // the code advertises as supported in a TLS 1.2 ClientHello and in a TLS 1.2
 // CertificateRequest.
-var supportedSignatureAlgorithms = []signatureAndHash{
+var defaultSupportedSignatureAlgorithms = []signatureAndHash{
 {hashSHA256, signatureRSA},
 {hashSHA256, signatureECDSA},
 {hashSHA384, signatureRSA},
@@ -670,6 +670,9 @@ func (c *Config) time() time.Time {
 }
 
 func (c *Config) cipherSuites() []uint16 {
+ if needFIPS() {
+ return fipsCipherSuites(c)
+ }
 s := c.CipherSuites
 if s == nil {
 s = defaultCipherSuites()
@@ -678,6 +681,9 @@ func (c *Config) cipherSuites() []uint16 {
 }
 
 func (c *Config) minVersion() uint16 {
+ if needFIPS() {
+ return fipsMinVersion(c)
+ }
 if c == nil || c.MinVersion == 0 {
 return minVersion
 }
@@ -685,6 +691,9 @@ func (c *Config) minVersion() uint16 {
 }
 
 func (c *Config) maxVersion() uint16 {
+ if needFIPS() {
+ return fipsMaxVersion(c)
+ }
 if c == nil || c.MaxVersion == 0 {
 return maxVersion
 }
@@ -694,6 +703,9 @@ func (c *Config) maxVersion() uint16 {
 var defaultCurvePreferences = []CurveID{X25519, CurveP256, CurveP384, CurveP521}
 
 func (c *Config) curvePreferences() []CurveID {
+ if needFIPS() {
+ return fipsCurvePreferences(c)
+ }
 if c == nil || len(c.CurvePreferences) == 0 {
 return defaultCurvePreferences
 }
|
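Review bot: Nothing in cipherSuites says which source wins once the `needFIPS()` branch is present: it returns before `c.CipherSuites` is read, so an explicitly configured list is handed to `fipsCipherSuites` instead of being returned. A one-line comment above the branch would make that precedence visible to anyone auditing the negotiated parameters, for example `// In FIPS mode fipsCipherSuites decides the list; c.CipherSuites is not returned as-is.` How the helper treats the caller's list cannot be seen here because the page is limited to common.go. The same comment is worth adding to the matching branches in minVersion, maxVersion and curvePreferences.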
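Review bot: In minVersion the new `needFIPS()` branch sits ahead of the existing `c == nil` guard, so `fipsMinVersion(c)` can receive a nil *Config where the old path fell back to the package default. The helper is defined outside this diff, so whether it tolerates nil cannot be confirmed from here; if it dereferences c, a nil config that worked before would panic only in FIPS mode. I would state the contract on the helper, e.g. `// fipsMinVersion accepts a nil *Config and then applies the FIPS defaults.`, and cover a nil Config with needFIPS() true in the tests. maxVersion and curvePreferences have the same ordering and need the same guarantee from fipsMaxVersion and fipsCurvePreferences.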