crypto/tls: disable SHA-1 signature algorithms in TLS 1.2

This implements RFC 9155 by removing support for SHA-1 algorithms:

  - we don't advertise them in ClientHello and CertificateRequest
    (where supportedSignatureAlgorithms is used directly)

  - we don't select them in our ServerKeyExchange and CertificateVerify
    (where supportedSignatureAlgorithms filters signatureSchemesForCertificate)

  - we reject them in the peer's ServerKeyExchange and CertificateVerify
    (where we check against the algorithms we advertised in ClientHello
    and CertificateRequest)
  
Fixes #72883

Change-Id: I6a6a4656e2aafd2c38cdd32090d3d8a9a8047818
Reviewed-on: https://go-review.googlesource.com/c/go/+/658216
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>

1 files changed, 4 insertions, 0 deletions

diff --git a/src/runtime/metrics/doc.go b/src/runtime/metrics/doc.go
index 8204e87fd1..7ef09be2fc 100644
--- a/src/runtime/metrics/doc.go
+++ b/src/runtime/metrics/doc.go
@@ -350,6 +350,10 @@ Below is the full list of supported metrics, ordered lexicographically.
 		The number of non-default behaviors executed by the crypto/tls
 		package due to a non-default GODEBUG=tlsrsakex=... setting.
 
+	/godebug/non-default-behavior/tlssha1:events
+		The number of non-default behaviors executed by the crypto/tls
+		package due to a non-default GODEBUG=tlssha1=... setting.
+
 	/godebug/non-default-behavior/tlsunsafeekm:events
 		The number of non-default behaviors executed by the crypto/tls
 		package due to a non-default GODEBUG=tlsunsafeekm=... setting.