Source File
defaults.go
Belonging Package
crypto/tls
// Copyright 2024 The Go Authors. All rights reserved.// Use of this source code is governed by a BSD-style// license that can be found in the LICENSE file.package tlsimport (_ // for linkname)// Defaults are collected in this file to allow distributions to more easily patch// them to apply local policies.var tlsmlkem = godebug.New("tlsmlkem")// defaultCurvePreferences is the default set of supported key exchanges, as// well as the preference order.func () []CurveID {if tlsmlkem.Value() == "0" {return []CurveID{X25519, CurveP256, CurveP384, CurveP521}}return []CurveID{X25519MLKEM768, X25519, CurveP256, CurveP384, CurveP521}}// defaultSupportedSignatureAlgorithms contains the signature and hash algorithms that// the code advertises as supported in a TLS 1.2+ ClientHello and in a TLS 1.2+// CertificateRequest. The two fields are merged to match with TLS 1.3.// Note that in TLS 1.2, the ECDSA algorithms are not constrained to P-256, etc.var defaultSupportedSignatureAlgorithms = []SignatureScheme{PSSWithSHA256,ECDSAWithP256AndSHA256,Ed25519,PSSWithSHA384,PSSWithSHA512,PKCS1WithSHA256,PKCS1WithSHA384,PKCS1WithSHA512,ECDSAWithP384AndSHA384,ECDSAWithP521AndSHA512,PKCS1WithSHA1,ECDSAWithSHA1,}var tlsrsakex = godebug.New("tlsrsakex")var tls3des = godebug.New("tls3des")func () []uint16 {:= slices.Clone(cipherSuitesPreferenceOrder)return slices.DeleteFunc(, func( uint16) bool {return disabledCipherSuites[] ||tlsrsakex.Value() != "1" && rsaKexCiphers[] ||tls3des.Value() != "1" && tdesCiphers[]})}// defaultCipherSuitesTLS13 is also the preference order, since there are no// disabled by default TLS 1.3 cipher suites. The same AES vs ChaCha20 logic as// cipherSuitesPreferenceOrder applies.//// defaultCipherSuitesTLS13 should be an internal detail,// but widely used packages access it using linkname.// Notable members of the hall of shame include:// - github.com/quic-go/quic-go// - github.com/sagernet/quic-go//// Do not remove or change the type signature.// See go.dev/issue/67401.////go:linkname defaultCipherSuitesTLS13var defaultCipherSuitesTLS13 = []uint16{TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,}// defaultCipherSuitesTLS13NoAES should be an internal detail,// but widely used packages access it using linkname.// Notable members of the hall of shame include:// - github.com/quic-go/quic-go// - github.com/sagernet/quic-go//// Do not remove or change the type signature.// See go.dev/issue/67401.////go:linkname defaultCipherSuitesTLS13NoAESvar defaultCipherSuitesTLS13NoAES = []uint16{TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,}// The FIPS-only policies below match BoringSSL's// ssl_compliance_policy_fips_202205, which is based on NIST SP 800-52r2, with// minor changes per https://go.dev/issue/71757.// https://cs.opensource.google/boringssl/boringssl/+/master:ssl/ssl_lib.cc;l=3289;drc=ea7a88favar defaultSupportedVersionsFIPS = []uint16{VersionTLS12,VersionTLS13,}// defaultCurvePreferencesFIPS are the FIPS-allowed curves,// in preference order (most preferable first).var defaultCurvePreferencesFIPS = []CurveID{CurveP256, CurveP384, CurveP521}// defaultSupportedSignatureAlgorithmsFIPS currently are a subset of// defaultSupportedSignatureAlgorithms without Ed25519 and SHA-1.var defaultSupportedSignatureAlgorithmsFIPS = []SignatureScheme{PSSWithSHA256,PSSWithSHA384,PSSWithSHA512,PKCS1WithSHA256,ECDSAWithP256AndSHA256,PKCS1WithSHA384,ECDSAWithP384AndSHA384,PKCS1WithSHA512,ECDSAWithP521AndSHA512,}// defaultCipherSuitesFIPS are the FIPS-allowed cipher suites.var defaultCipherSuitesFIPS = []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,}// defaultCipherSuitesTLS13FIPS are the FIPS-allowed cipher suites for TLS 1.3.var defaultCipherSuitesTLS13FIPS = []uint16{TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,}
The pages are generated with Golds v0.7.6. (GOOS=linux GOARCH=amd64)