Diffstat (limited to 'src/crypto/tls/conn.go')
-rw-r--r--src/crypto/tls/conn.go5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
index 1eefb17206..f50b511f68 100644
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@@ -1414,6 +1414,11 @@ func (c *Conn) closeNotify() error {
//
// For control over canceling or setting a timeout on a handshake, use
// HandshakeContext or the Dialer's DialContext method instead.
+//
+// In order to avoid denial of service attacks, the maximum RSA key size allowed
+// in certificates sent by either the TLS server or client is limited to 8192
+// bits. This limit can be overridden by setting tlsmaxrsasize in the GODEBUG
+// environment variable (e.g. GODEBUG=tlsmaxrsasize=4096).
func (c *Conn) Handshake() error {
return c.HandshakeContext(context.Background())
}
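Review bot: The new paragraph on Handshake gives the 8192-bit limit and the tlsmaxrsasize override, but it does not say which direction of change is risky. The only example lowers the limit, and nothing states that raising it reopens the denial-of-service exposure the limit is there to prevent, since the key size comes from the peer's certificate. I would add a sentence such as `// Raising the limit increases the CPU cost a remote peer can impose during certificate verification.` Because the override comes from the GODEBUG environment variable, it presumably applies to every Conn in the process rather than per connection, which is worth stating as well. Handshake only delegates to HandshakeContext and the enforcing code is outside this hunk, so if HandshakeContext's doc comment lacks the same note it should be repeated or referenced there.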