-
Notifications
You must be signed in to change notification settings - Fork 411
Expand file tree
/
Copy pathdefaults.go
More file actions
127 lines (114 loc) · 3.86 KB
/
defaults.go
File metadata and controls
127 lines (114 loc) · 3.86 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
// Copyright 2024 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package reality
import (
"slices"
_ "unsafe" // for linkname
)
// Defaults are collected in this file to allow distributions to more easily patch
// them to apply local policies.
//var tlsmlkem = godebug.New("tlsmlkem")
// defaultCurvePreferences is the default set of supported key exchanges, as
// well as the preference order.
func defaultCurvePreferences() []CurveID {
if false {
return []CurveID{X25519, CurveP256, CurveP384, CurveP521}
}
return []CurveID{X25519MLKEM768, X25519, CurveP256, CurveP384, CurveP521}
}
//var tlssha1 = godebug.New("tlssha1")
// defaultSupportedSignatureAlgorithms returns the signature and hash algorithms that
// the code advertises and supports in a TLS 1.2+ ClientHello and in a TLS 1.2+
// CertificateRequest. The two fields are merged to match with TLS 1.3.
// Note that in TLS 1.2, the ECDSA algorithms are not constrained to P-256, etc.
func defaultSupportedSignatureAlgorithms() []SignatureScheme {
return []SignatureScheme{
PSSWithSHA256,
ECDSAWithP256AndSHA256,
Ed25519,
PSSWithSHA384,
PSSWithSHA512,
PKCS1WithSHA256,
PKCS1WithSHA384,
PKCS1WithSHA512,
ECDSAWithP384AndSHA384,
ECDSAWithP521AndSHA512,
}
}
// defaultSupportedSignatureAlgorithmsCert returns the signature algorithms that
// the code advertises as supported for signatures in certificates.
//
// We include all algorithms, including SHA-1 and PKCS#1 v1.5, because it's more
// likely that something on our side will be willing to accept a *-with-SHA1
// certificate (e.g. with a custom VerifyConnection or by a direct match with
// the CertPool), than that the peer would have a better certificate but is just
// choosing not to send it. crypto/x509 will refuse to verify important SHA-1
// signatures anyway.
func defaultSupportedSignatureAlgorithmsCert() []SignatureScheme {
return []SignatureScheme{
PSSWithSHA256,
ECDSAWithP256AndSHA256,
Ed25519,
PSSWithSHA384,
PSSWithSHA512,
PKCS1WithSHA256,
PKCS1WithSHA384,
PKCS1WithSHA512,
ECDSAWithP384AndSHA384,
ECDSAWithP521AndSHA512,
PKCS1WithSHA1,
ECDSAWithSHA1,
}
}
//var tlsrsakex = godebug.New("tlsrsakex")
//var tls3des = godebug.New("tls3des")
func supportedCipherSuites(aesGCMPreferred bool) []uint16 {
if aesGCMPreferred {
return slices.Clone(cipherSuitesPreferenceOrder)
} else {
return slices.Clone(cipherSuitesPreferenceOrderNoAES)
}
}
func defaultCipherSuites(aesGCMPreferred bool) []uint16 {
cipherSuites := supportedCipherSuites(aesGCMPreferred)
return slices.DeleteFunc(cipherSuites, func(c uint16) bool {
return disabledCipherSuites[c] ||
rsaKexCiphers[c] ||
tdesCiphers[c]
})
}
// defaultCipherSuitesTLS13 is also the preference order, since there are no
// disabled by default TLS 1.3 cipher suites. The same AES vs ChaCha20 logic as
// cipherSuitesPreferenceOrder applies.
//
// defaultCipherSuitesTLS13 should be an internal detail,
// but widely used packages access it using linkname.
// Notable members of the hall of shame include:
// - github.com/quic-go/quic-go
// - github.com/sagernet/quic-go
//
// Do not remove or change the type signature.
// See go.dev/issue/67401.
//
//go:linkname defaultCipherSuitesTLS13
var defaultCipherSuitesTLS13 = []uint16{
TLS_AES_128_GCM_SHA256,
TLS_AES_256_GCM_SHA384,
TLS_CHACHA20_POLY1305_SHA256,
}
// defaultCipherSuitesTLS13NoAES should be an internal detail,
// but widely used packages access it using linkname.
// Notable members of the hall of shame include:
// - github.com/quic-go/quic-go
// - github.com/sagernet/quic-go
//
// Do not remove or change the type signature.
// See go.dev/issue/67401.
//
//go:linkname defaultCipherSuitesTLS13NoAES
var defaultCipherSuitesTLS13NoAES = []uint16{
TLS_CHACHA20_POLY1305_SHA256,
TLS_AES_128_GCM_SHA256,
TLS_AES_256_GCM_SHA384,
}