Loading common.go +16 −6 Original line number Diff line number Diff line Loading @@ -1084,7 +1084,7 @@ func (c *Config) time() time.Time { return t() } var tlsrsakex = godebug.New("tlsrsakex") // var tlsrsakex = godebug.New("tlsrsakex") // [UTLS] unsupported func (c *Config) cipherSuites() []uint16 { if needFIPS() { Loading @@ -1093,9 +1093,13 @@ func (c *Config) cipherSuites() []uint16 { if c.CipherSuites != nil { return c.CipherSuites } if tlsrsakex.Value() == "1" { return defaultCipherSuitesWithRSAKex } // [uTLS SECTION BEGIN] // Disable unsupported godebug package // if tlsrsakex.Value() == "1" { // return defaultCipherSuitesWithRSAKex // } // [uTLS SECTION END] return defaultCipherSuites } Loading @@ -1111,7 +1115,7 @@ var supportedVersions = []uint16{ const roleClient = true const roleServer = false var tls10server = godebug.New("tls10server") // var tls10server = godebug.New("tls10server") // [UTLS] unsupported func (c *Config) supportedVersions(isClient bool) []uint16 { versions := make([]uint16, 0, len(supportedVersions)) Loading @@ -1120,9 +1124,15 @@ func (c *Config) supportedVersions(isClient bool) []uint16 { continue } if (c == nil || c.MinVersion == 0) && v < VersionTLS12 { if isClient || tls10server.Value() != "1" { // [uTLS SECTION BEGIN] // Disable unsupported godebug package // if isClient || tls10server.Value() != "1" { // continue // } if isClient { continue } // [uTLS SECTION END] } if c != nil && c.MinVersion != 0 && v < c.MinVersion { continue Loading conn.go +8 −5 Original line number Diff line number Diff line Loading @@ -1610,7 +1610,7 @@ func (c *Conn) ConnectionState() ConnectionState { return c.connectionStateLocked() } var tlsunsafeekm = godebug.New("tlsunsafeekm") // var tlsunsafeekm = godebug.New("tlsunsafeekm") // [uTLS] unsupportted func (c *Conn) connectionStateLocked() ConnectionState { var state ConnectionState Loading @@ -1636,10 +1636,13 @@ func (c *Conn) connectionStateLocked() ConnectionState { state.ekm = noEKMBecauseRenegotiation } else if c.vers != VersionTLS13 && !c.extMasterSecret { state.ekm = func(label string, context []byte, length int) ([]byte, error) { if tlsunsafeekm.Value() == "1" { tlsunsafeekm.IncNonDefault() return c.ekm(label, context, length) } // [uTLS SECTION START] // Disabling unsupported godebug package // if tlsunsafeekm.Value() == "1" { // tlsunsafeekm.IncNonDefault() // return c.ekm(label, context, length) // } // [uTLS SECTION END] return noEKMBecauseNoEMS(label, context, length) } } else { Loading handshake_client.go +18 −13 Original line number Diff line number Diff line Loading @@ -19,7 +19,6 @@ import ( "hash" "io" "net" "strconv" "strings" "time" Loading Loading @@ -593,9 +592,12 @@ func (hs *clientHandshakeState) pickCipherSuite() error { return errors.New("tls: server chose an unconfigured cipher suite") } if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] { tlsrsakex.IncNonDefault() } // [UTLS SECTION START] // Disable unsupported godebug packages // if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] { // tlsrsakex.IncNonDefault() // } // [UTLS SECTION END] hs.c.cipherSuite = hs.suite.id return nil Loading Loading @@ -1017,17 +1019,20 @@ func (hs *clientHandshakeState) sendFinished(out []byte) error { // to verify the signatures of during a TLS handshake. const defaultMaxRSAKeySize = 8192 var tlsmaxrsasize = godebug.New("tlsmaxrsasize") // var tlsmaxrsasize = godebug.New("tlsmaxrsasize") // [uTLS] unused func checkKeySize(n int) (max int, ok bool) { if v := tlsmaxrsasize.Value(); v != "" { if max, err := strconv.Atoi(v); err == nil { if (n <= max) != (n <= defaultMaxRSAKeySize) { tlsmaxrsasize.IncNonDefault() } return max, n <= max } } // [uTLS SECTION START] // Disable the unsupported godebug package // if v := tlsmaxrsasize.Value(); v != "" { // if max, err := strconv.Atoi(v); err == nil { // if (n <= max) != (n <= defaultMaxRSAKeySize) { // tlsmaxrsasize.IncNonDefault() // } // return max, n <= max // } // } // [uTLS SECTION END] return defaultMaxRSAKeySize, n <= defaultMaxRSAKeySize } Loading handshake_server.go +12 −6 Original line number Diff line number Diff line Loading @@ -171,9 +171,12 @@ func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, error) { c.in.version = c.vers c.out.version = c.vers if c.config.MinVersion == 0 && c.vers < VersionTLS12 { tls10server.IncNonDefault() } // [UTLS SECTION BEGIN] // Disable unsupported godebug package // if c.config.MinVersion == 0 && c.vers < VersionTLS12 { // tls10server.IncNonDefault() // } // [UTLS SECTION END] return clientHello, nil } Loading Loading @@ -373,9 +376,12 @@ func (hs *serverHandshakeState) pickCipherSuite() error { } c.cipherSuite = hs.suite.id if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] { tlsrsakex.IncNonDefault() } // [UTLS SECTION BEGIN] // Disable unsupported godebug package // if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] { // tlsrsakex.IncNonDefault() // } // [UTLS SECTION END] for _, id := range hs.clientHello.cipherSuites { if id == TLS_FALLBACK_SCSV { Loading handshake_server_tls13.go +0 −21 Original line number Diff line number Diff line Loading @@ -276,27 +276,6 @@ GroupSelection: } } selectedProto, err := negotiateALPN(c.config.NextProtos, hs.clientHello.alpnProtocols, c.quic != nil) if err != nil { c.sendAlert(alertNoApplicationProtocol) return err } c.clientProtocol = selectedProto if c.quic != nil { if hs.clientHello.quicTransportParameters == nil { // RFC 9001 Section 8.2. c.sendAlert(alertMissingExtension) return errors.New("tls: client did not send a quic_transport_parameters extension") } c.quicSetTransportParameters(hs.clientHello.quicTransportParameters) } else { if hs.clientHello.quicTransportParameters != nil { c.sendAlert(alertUnsupportedExtension) return errors.New("tls: client sent an unexpected quic_transport_parameters extension") } } c.serverName = hs.clientHello.serverName return nil } Loading Loading
common.go +16 −6 Original line number Diff line number Diff line Loading @@ -1084,7 +1084,7 @@ func (c *Config) time() time.Time { return t() } var tlsrsakex = godebug.New("tlsrsakex") // var tlsrsakex = godebug.New("tlsrsakex") // [UTLS] unsupported func (c *Config) cipherSuites() []uint16 { if needFIPS() { Loading @@ -1093,9 +1093,13 @@ func (c *Config) cipherSuites() []uint16 { if c.CipherSuites != nil { return c.CipherSuites } if tlsrsakex.Value() == "1" { return defaultCipherSuitesWithRSAKex } // [uTLS SECTION BEGIN] // Disable unsupported godebug package // if tlsrsakex.Value() == "1" { // return defaultCipherSuitesWithRSAKex // } // [uTLS SECTION END] return defaultCipherSuites } Loading @@ -1111,7 +1115,7 @@ var supportedVersions = []uint16{ const roleClient = true const roleServer = false var tls10server = godebug.New("tls10server") // var tls10server = godebug.New("tls10server") // [UTLS] unsupported func (c *Config) supportedVersions(isClient bool) []uint16 { versions := make([]uint16, 0, len(supportedVersions)) Loading @@ -1120,9 +1124,15 @@ func (c *Config) supportedVersions(isClient bool) []uint16 { continue } if (c == nil || c.MinVersion == 0) && v < VersionTLS12 { if isClient || tls10server.Value() != "1" { // [uTLS SECTION BEGIN] // Disable unsupported godebug package // if isClient || tls10server.Value() != "1" { // continue // } if isClient { continue } // [uTLS SECTION END] } if c != nil && c.MinVersion != 0 && v < c.MinVersion { continue Loading
conn.go +8 −5 Original line number Diff line number Diff line Loading @@ -1610,7 +1610,7 @@ func (c *Conn) ConnectionState() ConnectionState { return c.connectionStateLocked() } var tlsunsafeekm = godebug.New("tlsunsafeekm") // var tlsunsafeekm = godebug.New("tlsunsafeekm") // [uTLS] unsupportted func (c *Conn) connectionStateLocked() ConnectionState { var state ConnectionState Loading @@ -1636,10 +1636,13 @@ func (c *Conn) connectionStateLocked() ConnectionState { state.ekm = noEKMBecauseRenegotiation } else if c.vers != VersionTLS13 && !c.extMasterSecret { state.ekm = func(label string, context []byte, length int) ([]byte, error) { if tlsunsafeekm.Value() == "1" { tlsunsafeekm.IncNonDefault() return c.ekm(label, context, length) } // [uTLS SECTION START] // Disabling unsupported godebug package // if tlsunsafeekm.Value() == "1" { // tlsunsafeekm.IncNonDefault() // return c.ekm(label, context, length) // } // [uTLS SECTION END] return noEKMBecauseNoEMS(label, context, length) } } else { Loading
handshake_client.go +18 −13 Original line number Diff line number Diff line Loading @@ -19,7 +19,6 @@ import ( "hash" "io" "net" "strconv" "strings" "time" Loading Loading @@ -593,9 +592,12 @@ func (hs *clientHandshakeState) pickCipherSuite() error { return errors.New("tls: server chose an unconfigured cipher suite") } if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] { tlsrsakex.IncNonDefault() } // [UTLS SECTION START] // Disable unsupported godebug packages // if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] { // tlsrsakex.IncNonDefault() // } // [UTLS SECTION END] hs.c.cipherSuite = hs.suite.id return nil Loading Loading @@ -1017,17 +1019,20 @@ func (hs *clientHandshakeState) sendFinished(out []byte) error { // to verify the signatures of during a TLS handshake. const defaultMaxRSAKeySize = 8192 var tlsmaxrsasize = godebug.New("tlsmaxrsasize") // var tlsmaxrsasize = godebug.New("tlsmaxrsasize") // [uTLS] unused func checkKeySize(n int) (max int, ok bool) { if v := tlsmaxrsasize.Value(); v != "" { if max, err := strconv.Atoi(v); err == nil { if (n <= max) != (n <= defaultMaxRSAKeySize) { tlsmaxrsasize.IncNonDefault() } return max, n <= max } } // [uTLS SECTION START] // Disable the unsupported godebug package // if v := tlsmaxrsasize.Value(); v != "" { // if max, err := strconv.Atoi(v); err == nil { // if (n <= max) != (n <= defaultMaxRSAKeySize) { // tlsmaxrsasize.IncNonDefault() // } // return max, n <= max // } // } // [uTLS SECTION END] return defaultMaxRSAKeySize, n <= defaultMaxRSAKeySize } Loading
handshake_server.go +12 −6 Original line number Diff line number Diff line Loading @@ -171,9 +171,12 @@ func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, error) { c.in.version = c.vers c.out.version = c.vers if c.config.MinVersion == 0 && c.vers < VersionTLS12 { tls10server.IncNonDefault() } // [UTLS SECTION BEGIN] // Disable unsupported godebug package // if c.config.MinVersion == 0 && c.vers < VersionTLS12 { // tls10server.IncNonDefault() // } // [UTLS SECTION END] return clientHello, nil } Loading Loading @@ -373,9 +376,12 @@ func (hs *serverHandshakeState) pickCipherSuite() error { } c.cipherSuite = hs.suite.id if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] { tlsrsakex.IncNonDefault() } // [UTLS SECTION BEGIN] // Disable unsupported godebug package // if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] { // tlsrsakex.IncNonDefault() // } // [UTLS SECTION END] for _, id := range hs.clientHello.cipherSuites { if id == TLS_FALLBACK_SCSV { Loading
handshake_server_tls13.go +0 −21 Original line number Diff line number Diff line Loading @@ -276,27 +276,6 @@ GroupSelection: } } selectedProto, err := negotiateALPN(c.config.NextProtos, hs.clientHello.alpnProtocols, c.quic != nil) if err != nil { c.sendAlert(alertNoApplicationProtocol) return err } c.clientProtocol = selectedProto if c.quic != nil { if hs.clientHello.quicTransportParameters == nil { // RFC 9001 Section 8.2. c.sendAlert(alertMissingExtension) return errors.New("tls: client did not send a quic_transport_parameters extension") } c.quicSetTransportParameters(hs.clientHello.quicTransportParameters) } else { if hs.clientHello.quicTransportParameters != nil { c.sendAlert(alertUnsupportedExtension) return errors.New("tls: client sent an unexpected quic_transport_parameters extension") } } c.serverName = hs.clientHello.serverName return nil } Loading