]> Cypherpunks.ru repositories - gostls13.git/blobdiff - src/crypto/tls/auth.go
projects / gostls13.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[dev.boringcrypto] all: merge master into dev.boringcrypto
[gostls13.git] / src / crypto / tls / auth.go
diff --git a/src/crypto/tls/auth.go b/src/crypto/tls/auth.go
index 3ae2256620bef552096774410edbf91144655e5d..53bd4d46827929fa67957844f41cb6b493dd162f 100644 (file)
--- a/src/crypto/tls/auth.go
+++ b/src/crypto/tls/auth.go
@@ -227,6 +227,9 @@ func selectSignatureScheme(vers uint16, c *Certificate, peerAlgs []SignatureSche
        // Pick signature scheme in the peer's preference order, as our
        // preference order is not configurable.
        for _, preferredAlg := range peerAlgs {
+               if needFIPS() && !isSupportedSignatureAlgorithm(preferredAlg, fipsSupportedSignatureAlgorithms) {
+                       continue
+               }
                if isSupportedSignatureAlgorithm(preferredAlg, supportedAlgs) {
                        return preferredAlg, nil
                }
Go GOST TLS 1.3