Skip to content

crypto/tls: FIPS 140-3 modes reject ECDSA w/ curve P-521/SHA-512 in TLS [1.24 backport] #72823

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
gopherbot opened this issue Mar 12, 2025 · 2 comments
Closed

crypto/tls: FIPS 140-3 modes reject ECDSA w/ curve P-521/SHA-512 in TLS [1.24 backport] #72823

gopherbot opened this issue Mar 12, 2025 · 2 comments
Labels
CherryPickApproved Used during the release process for point releases
Milestone
Go1.24.2

Comments

@gopherbot
Copy link
Contributor

gopherbot commented Mar 12, 2025
edited by gabyhelp
Loading

@FiloSottile requested issue #71757 to be considered for backport to the next 1.24 minor release.

@gopherbot please open a backport change to Go 1.24 to revert the removal of P-521 in Go+BoringCrypto mode by cherry-picking CL 657095, as discussed above.
@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label Mar 12, 2025
@gopherbot gopherbot mentioned this issue Mar 12, 2025
Closed
@gopherbot gopherbot added this to the Go1.24.2 milestone Mar 12, 2025
@gopherbot
Copy link
Contributor Author

Change https://go.dev/cl/657135 mentions this issue: [release-branch.go1.24] crypto/tls: allow P-521 in FIPS 140-3 mode and Go+BoringCrypto

@dr2chase dr2chase added the CherryPickApproved Used during the release process for point releases label Mar 12, 2025
@gopherbot gopherbot removed the CherryPickCandidate Used during the release process for point releases label Mar 12, 2025
gopherbot pushed a commit that referenced this issue Mar 17, 2025
@FiloSottile @cherrymui
[release-branch.go1.24] crypto/tls: allow P-521 in FIPS 140-3 mode an…
bd1bc8a 
…d Go+BoringCrypto

Partially reverts CL 587296, restoring the Go+BoringCrypto 1.23 behavior
in terms of supported curves.

Updates #71757
Fixes #72823

Change-Id: I6a6a465651a8407056fd0fae091d10a945b37997
Reviewed-on: https://go-review.googlesource.com/c/go/+/657135
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Roland Shoemaker <[email protected]>
Reviewed-by: Daniel McCarney <[email protected]>
Reviewed-by: David Chase <[email protected]>
@gopherbot
Copy link
Contributor Author

Closed by merging CL 657135 (commit bd1bc8a) to release-branch.go1.24.

@Lekensteyn Lekensteyn mentioned this issue Mar 25, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CherryPickApproved Used during the release process for point releases
Projects
None yet
Milestone
Go1.24.2
Development

No branches or pull requests
2 participants
@dr2chase @gopherbot