signatureECDSA uint8 = 3
)
-// supportedSignatureAlgorithms contains the signature and hash algorithms that
+// defaultSupportedSignatureAlgorithms contains the signature and hash algorithms that
// the code advertises as supported in a TLS 1.2 ClientHello and in a TLS 1.2
// CertificateRequest. The two fields are merged to match with TLS 1.3.
// Note that in TLS 1.2, the ECDSA algorithms are not constrained to P-256, etc.
-var supportedSignatureAlgorithms = []SignatureScheme{
+var defaultSupportedSignatureAlgorithms = []SignatureScheme{
PKCS1WithSHA256,
ECDSAWithP256AndSHA256,
PKCS1WithSHA384,
}
func (c *Config) cipherSuites() []uint16 {
+ if needFIPS() {
+ return fipsCipherSuites(c)
+ }
s := c.CipherSuites
if s == nil {
s = defaultCipherSuites()
}
func (c *Config) minVersion() uint16 {
+ if needFIPS() {
+ return fipsMinVersion(c)
+ }
if c == nil || c.MinVersion == 0 {
return minVersion
}
}
func (c *Config) maxVersion() uint16 {
+ if needFIPS() {
+ return fipsMaxVersion(c)
+ }
if c == nil || c.MaxVersion == 0 {
return maxVersion
}
var defaultCurvePreferences = []CurveID{X25519, CurveP256, CurveP384, CurveP521}
func (c *Config) curvePreferences() []CurveID {
+ if needFIPS() {
+ return fipsCurvePreferences(c)
+ }
if c == nil || len(c.CurvePreferences) == 0 {
return defaultCurvePreferences
}