| author | Filippo Valsorda <filippo@golang.org> | 2019-06-13 18:33:33 -0400 |
|---|---|---|
| committer | Filippo Valsorda <filippo@golang.org> | 2019-06-19 19:59:14 +0000 |
| commit | 0b3a57b5374bba3fdf88258e2be4c8be65e6a5de (patch) | |
| tree | 60f2c993a944c3c0f7f82a5c265ac8d5d956b375 /src/crypto/tls/testdata/Server-TLSv12-RSA-AES | |
| parent | 0ab1cc33ef35147b0e1248f2a9d669ae193d6b3e (diff) | |
| download | go-0b3a57b5374bba3fdf88258e2be4c8be65e6a5de.tar.xz | |
crypto/tls: disable RSA-PSS in TLS 1.2 again

Signing with RSA-PSS can uncover faulty crypto.Signer implementations,
and it can fail for (broken) small keys. We'll have to take that
breakage eventually, but it would be nice for it to be opt-out at first.

TLS 1.3 requires RSA-PSS and is opt-out in Go 1.13. Instead of making a
TLS 1.3 opt-out influence a TLS 1.2 behavior, let's wait to add RSA-PSS
to TLS 1.2 until TLS 1.3 is on without opt-out.

Note that since the Client Hello is sent before a protocol version is
selected, we have to advertise RSA-PSS there to support TLS 1.3.
That means that we still support RSA-PSS on the client in TLS 1.2 for
verifying server certificates, which is fine, as all issues arise on the
signing side. We have to be careful not to pick (or consider available)
RSA-PSS on the client for client certificates, though.

We'd expect tests to change only in TLS 1.2:

* the server won't pick PSS to sign the key exchange
  (Server-TLSv12-* w/ RSA, TestHandshakeServerRSAPSS);
* the server won't advertise PSS in CertificateRequest
  (Server-TLSv12-ClientAuthRequested*, TestClientAuth);
* and the client won't pick PSS for its CertificateVerify
  (Client-TLSv12-ClientCert-RSA-*, TestHandshakeClientCertRSAPSS,
  Client-TLSv12-Renegotiate* because "R" requests a client cert).

Client-TLSv13-ClientCert-RSA-RSAPSS was updated because of a fix in the test.

This effectively reverts 88343530720a52c96b21f2bd5488c8fb607605d7.

Testing was made more complex by the undocumented semantics of OpenSSL's
-[client_]sigalgs (see openssl/openssl#9172).

Updates #32425

Change-Id: Iaddeb2df1f5c75cd090cc8321df2ac8e8e7db349
Reviewed-on: https://go-review.googlesource.com/c/go/+/182339
Reviewed-by: Adam Langley <agl@golang.org>
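
The small-key failure mentioned in the commit message can be reproduced with the standard library alone. The following is an added example, not code from this commit or from crypto/tls: `signBoth` and `pssFits` are hypothetical helper names, and the 1024-bit key is a throwaway generated for the demonstration. It signs through the `crypto.Signer` interface with both RSA paddings and shows that PSS with salt length equal to the hash length does not fit when the encoded message is shorter than `2*hashLen + 2` bytes.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256" // link the hashes so crypto.Hash.New works
	_ "crypto/sha512"
	"fmt"
)

// result holds the error from each padding scheme (nil means the signature was produced).
type result struct{ PKCS1v15, PSS error }

// signBoth (hypothetical helper) signs the same digest via crypto.Signer,
// once with PKCS #1 v1.5 and once with PSS using salt length == hash length.
func signBoth(key *rsa.PrivateKey, h crypto.Hash, msg []byte) result {
	hh := h.New()
	hh.Write(msg)
	digest := hh.Sum(nil)
	var signer crypto.Signer = key
	_, e1 := signer.Sign(rand.Reader, digest, h)
	_, e2 := signer.Sign(rand.Reader, digest,
		&rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: h})
	return result{e1, e2}
}

// pssFits (hypothetical helper) applies the EMSA-PSS size requirement
// emLen >= hLen + sLen + 2 with sLen == hLen, where emLen = ceil((bits-1)/8).
func pssFits(modulusBits int, h crypto.Hash) bool {
	emLen := (modulusBits - 1 + 7) / 8
	return emLen >= 2*h.Size()+2
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 1024) // constructed small test key
	if err != nil {
		panic(err)
	}
	for _, h := range []crypto.Hash{crypto.SHA256, crypto.SHA512} {
		r := signBoth(key, h, []byte("constructed sample message"))
		fmt.Printf("%v: fits=%v pkcs1v15=%v pss=%v\n",
			h, pssFits(key.N.BitLen(), h), r.PKCS1v15, r.PSS)
	}
}
```
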
Diffstat (limited to 'src/crypto/tls/testdata/Server-TLSv12-RSA-AES')
| -rw-r--r-- | src/crypto/tls/testdata/Server-TLSv12-RSA-AES | 54 |
1 files changed, 27 insertions, 27 deletions
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES index e4d773d4c4..25f1269e3a 100644 --- a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES +++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES @@ -1,7 +1,7 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 97 01 00 00 93 03 03 41 7b 60 d8 f5 |...........A{`..| -00000010 1c 4a 95 f9 03 de 94 0c b6 34 94 3c 6e 82 f2 de |.J.......4.<n...| -00000020 2c 28 00 98 02 56 5e 8d 53 60 da 00 00 04 00 2f |,(...V^.S`...../| +00000000 16 03 01 00 97 01 00 00 93 03 03 1b 05 dc 80 93 |................| +00000010 90 62 51 a6 ce 10 03 8e f1 02 71 53 b0 9f 80 96 |.bQ.......qS....| +00000020 a0 48 c9 6f 1d df d9 cd 82 43 48 00 00 04 00 2f |.H.o.....CH..../| 00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1| 00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| 00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| 
@@ -53,31 +53,31 @@ 00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| 00000290 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| >>> Flow 3 (client to server) -00000000 16 03 03 00 86 10 00 00 82 00 80 15 eb 41 72 e4 |.............Ar.| -00000010 cf 0f 8b bb 9a ea aa 2a f1 dc 2e c9 db d8 cf bd |.......*........| -00000020 5e fb 86 30 98 b4 22 62 a5 32 d0 e6 3d 38 49 1a |^..0.."b.2..=8I.| -00000030 70 6f fa d3 81 c0 8d 00 c6 cd 80 b6 ed 26 8b 98 |po...........&..| -00000040 3a 26 8b 8e 88 ba 61 a6 8e 19 5a 0e 51 bb 4e 9e |:&....a...Z.Q.N.| -00000050 a9 21 09 77 cf 42 eb 26 90 3a 08 bb c5 89 88 2c |.!.w.B.&.:.....,| -00000060 19 db b3 1c 7a d0 60 76 be 9a d5 0c ec df dd 11 |....z.`v........| -00000070 9e a0 85 a5 36 3d 07 f7 36 47 52 92 cd 84 7b 2e |....6=..6GR...{.| -00000080 13 18 47 58 8a 00 4b 39 59 bb da 14 03 03 00 01 |..GX..K9Y.......| -00000090 01 16 03 03 00 40 16 0e 0a 79 db 54 11 36 73 af |.....@...y.T.6s.| -000000a0 eb cb 9d e8 b4 42 1a f8 94 f0 fb d1 60 f8 9f 9d |.....B......`...| -000000b0 ba 87 f6 27 ef 54 e4 f9 f7 1f a7 61 f5 82 1a 40 |...'.T.....a...@| -000000c0 96 81 f6 14 db 89 ec 8b 0c 37 ba 11 55 94 d3 df |.........7..U...| -000000d0 df 8d 61 ec a7 43 |..a..C| +00000000 16 03 03 00 86 10 00 00 82 00 80 c7 bb d2 ee 1a |................| +00000010 38 b1 7b 2f ad ec e6 63 d3 11 f9 69 b6 7e b9 58 |8.{/...c...i.~.X| +00000020 79 37 c9 6e e5 6b 1e ce e5 b7 1f 69 ec 2c 71 94 |y7.n.k.....i.,q.| +00000030 f7 27 16 66 14 24 bd bb ca ac 80 20 68 46 6e b8 |.'.f.$..... 
hFn.| +00000040 3e f4 82 07 0a b7 0c 74 a5 66 1a 86 48 52 6e 80 |>......t.f..HRn.| +00000050 a1 88 a3 12 8c c9 ef fc 5c 90 a8 f5 2f 0a 69 ba |........\.../.i.| +00000060 ce 73 48 ca 25 ea be 3c 9f 1b b6 1c e9 d7 1d bf |.sH.%..<........| +00000070 38 0d 6f a1 ed c0 22 16 40 51 2e c3 78 5b 69 8a |8.o...".@Q..x[i.| +00000080 91 30 5b 15 b1 a5 c5 ea 5f 34 38 14 03 03 00 01 |.0[....._48.....| +00000090 01 16 03 03 00 40 78 f5 31 97 86 f4 48 5c 74 8f |.....@x.1...H\t.| +000000a0 ac b9 49 42 cb 83 e6 d9 bc a4 6f cc 3f f3 54 66 |..IB......o.?.Tf| +000000b0 93 01 2c 1a e3 b4 08 09 f8 41 d4 fe 2d fa ab a9 |..,......A..-...| +000000c0 f1 47 39 13 82 11 9e 7f 04 78 08 df 13 74 97 6c |.G9......x...t.l| +000000d0 ba ac a8 26 90 2e |...&..| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| -00000010 00 00 00 00 00 00 00 00 00 00 00 ef 1a ed 92 e1 |................| -00000020 e1 81 1e a8 e1 ff 2b 2b 64 89 17 55 2d ce eb be |......++d..U-...| -00000030 17 a6 b8 a7 55 8a c4 3b 8a 5a c7 56 7c b5 90 c9 |....U..;.Z.V|...| -00000040 19 bc 13 07 50 91 42 2a 46 13 d1 17 03 03 00 40 |....P.B*F......@| +00000010 00 00 00 00 00 00 00 00 00 00 00 53 48 ab 5a 17 |...........SH.Z.| +00000020 07 e4 14 04 4d 96 ae 33 b7 e7 6b 37 10 34 98 66 |....M..3..k7.4.f| +00000030 b8 38 6b 30 53 17 3e af 80 34 a6 29 0c 3b 8b 05 |.8k0S.>..4.).;..| +00000040 53 d6 53 fb 65 e3 ec 05 16 f2 c7 17 03 03 00 40 |S.S.e..........@| 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -00000060 9e fe 95 fa 67 a5 af 14 f0 80 fd 65 65 ac 0a 91 |....g......ee...| -00000070 4a 1d 4a c3 de 3f 35 a7 de 10 94 55 b0 8f be e6 |J.J..?5....U....| -00000080 76 a2 74 4c 89 47 b9 10 8f 78 a9 01 6b ac bb d9 |v.tL.G...x..k...| +00000060 46 14 e6 50 23 20 15 9f a4 cc 39 69 43 e7 35 ea |F..P# ....9iC.5.| +00000070 3c c3 71 a6 65 dc ba 66 7b 3e b8 8d bc cc 1b f5 |<.q.e..f{>......| +00000080 2b 65 55 9b 35 c7 30 08 ff 0b 7c b7 bb 75 f1 5c |+eU.5.0...|..u.\| 
00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| -000000a0 00 00 00 00 00 36 ce 1a 97 3e e3 0e 62 74 70 10 |.....6...>..btp.| -000000b0 ec a5 30 16 1f 2d e0 5b c9 38 4d fb 61 2e 45 35 |..0..-.[.8M.a.E5| -000000c0 4b 69 da 43 39 |Ki.C9| +000000a0 00 00 00 00 00 83 b1 d6 5e 78 d8 7d 8f 22 a2 c9 |........^x.}."..| +000000b0 81 2d 47 ed 7e a5 65 10 af a0 b4 01 be b3 70 a8 |.-G.~.e.......p.| +000000c0 9f 5a 07 87 f5 |.Z...| |
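Review bot: every changed line in both hunks of Server-TLSv12-RSA-AES looks like re-recording churn rather than a behavioral change, and the commit message does not say so for this file. The record and handshake lengths are identical on the - and + sides (00 97 in Flow 1, 00 86 / 00 80 in Flow 3, 00 40 and 00 30 in Flow 4); only the client random, the 128-byte ClientKeyExchange payload and the encrypted Finished and trailing records differ. The suites offered in the unchanged context are 00 2f and 00 ff, and 00 2f (TLS_RSA_WITH_AES_128_CBC_SHA) uses RSA key exchange, so the payload after 10 00 00 82 00 80 in Flow 3 is an encrypted premaster secret and there is no step here where a signature scheme, RSA-PSS included, is selected. Consider either leaving transcripts like this one unregenerated or adding a line to the message that Server-TLSv12-* files with RSA key exchange change only in random and ciphertext bytes, so reviewers can concentrate on the transcripts where the signature algorithm actually moves from PSS to PKCS #1 v1.5.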
