Diffstat (limited to 'src/crypto/tls/handshake_server_tls13.go')
-rw-r--r-- | src/crypto/tls/handshake_server_tls13.go | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
index c2c288aed4..3e1255919f 100644
--- a/src/crypto/tls/handshake_server_tls13.go
+++ b/src/crypto/tls/handshake_server_tls13.go
@@ -42,6 +42,10 @@ type serverHandshakeStateTLS13 struct {
 func (hs *serverHandshakeStateTLS13) handshake() error {
 	c := hs.c
 
+	if needFIPS() {
+		return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode")
+	}
+
 	// For an overview of the TLS 1.3 handshake, see RFC 8446, Section 2.
 	if err := hs.processClientHello(); err != nil {
 		return err
@@ -164,7 +168,8 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error {
 
 		// If we don't have hardware support for AES-GCM, prefer other AEAD
 		// ciphers even if the client prioritized AES-GCM.
-		if !hasAESGCMHardwareSupport {
+		// If BoringCrypto is enabled, always prioritize AES-GCM.
+		if !hasAESGCMHardwareSupport && !boringEnabled {
 			preferenceList = deprioritizeAES(preferenceList)
 		}
 	}
@@ -597,7 +602,7 @@ func (hs *serverHandshakeStateTLS13) sendServerCertificate() error {
 	certReq := new(certificateRequestMsgTLS13)
 	certReq.ocspStapling = true
 	certReq.scts = true
-	certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms
+	certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
 	if c.config.ClientCAs != nil {
 		certReq.certificateAuthorities = c.config.ClientCAs.Subjects()
 	}
@@ -816,7 +821,7 @@ func (hs *serverHandshakeStateTLS13) readClientCertificate() error {
 	}
 
 	// See RFC 8446, Section 4.4.3.
-	if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms) {
+	if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms()) {
 		c.sendAlert(alertIllegalParameter)
 		return errors.New("tls: client certificate used with invalid signature algorithm")
 	}
 |
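Review bot: The new needFIPS() guard at the top of handshake() returns its "internal error" without first sending an alert, whereas the other error paths in this file (see the readClientCertificate hunk's `c.sendAlert(alertIllegalParameter)`) notify the peer before returning; adding `c.sendAlert(alertInternalError)` before the `return errors.New(...)` would keep the failure observable on the wire instead of a bare connection close. The guard also has no comment saying why reaching TLS 1.3 under FIPS is treated as a bug rather than a negotiation outcome; presumably version selection is expected to have excluded TLS 1.3 earlier, so a line such as `// Version negotiation must have excluded TLS 1.3 in FIPS mode; reaching here is a bug.` would tell a reader that this is a defensive invariant check and not a policy decision. handshake()'s body continues past the hunk, so the later error paths of the same function are not visible here.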