supportedSignatureAlgorithms returns the supported signature algorithms for the given minimum TLS version, to advertise in ClientHello and CertificateRequest messages.
(minVers uint16)
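// supportedSignatureAlgorithms returns the supported signature algorithms for
// the given minimum TLS version, to advertise in ClientHello and
// CertificateRequest messages.
//
// The list starts from defaultSupportedSignatureAlgorithms and is narrowed in
// two steps: when fips140tls.Required() reports true, only schemes present in
// allowedSignatureAlgorithmsFIPS are kept; when minVers is above VersionTLS12,
// schemes that use PKCS #1 v1.5 signatures or a SHA-1 hash are dropped.
func supportedSignatureAlgorithms(minVers uint16) []SignatureScheme {
	// slices.DeleteFunc filters in place, so this relies on
	// defaultSupportedSignatureAlgorithms handing back a slice the caller may
	// modify. NOTE(review): confirm it returns a fresh slice on every call.
	sigAlgs := defaultSupportedSignatureAlgorithms()
	if fips140tls.Required() {
		// Allowlist filter: anything not explicitly approved is removed.
		sigAlgs = slices.DeleteFunc(sigAlgs, func(s SignatureScheme) bool {
			return !slices.Contains(allowedSignatureAlgorithmsFIPS, s)
		})
	}
	if minVers > VersionTLS12 {
		sigAlgs = slices.DeleteFunc(sigAlgs, func(s SignatureScheme) bool {
			sigType, sigHash, err := typeAndHashFromSignatureScheme(s)
			if err != nil {
				// Fail closed: a scheme whose type and hash cannot be
				// determined is dropped rather than advertised, instead of
				// slipping through the comparison below on whatever values
				// the failed lookup returned.
				return true
			}
			return sigType == signaturePKCS1v15 || sigHash == crypto.SHA1
		})
	}
	return sigAlgs
}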
| 1739 | |
| 1740 | // supportedSignatureAlgorithmsCert returns the supported algorithms for |
| 1741 | // signatures in certificates. |