The [`jstmpllitinterp` setting](/pkg/html/template#hdr-Security_Model) no longer has
any effect.
+Go 1.23 changed the default TLS cipher suites used by clients and servers when
+not explicitly configured, removing 3DES cipher suites. The default can be reverted
+using the [`tls3des` setting](/pkg/crypto/tls/#Config.CipherSuites).
+
### Go 1.22
Go 1.22 adds a configurable limit to control the maximum acceptable RSA key size
--- /dev/null
+3DES cipher suites were removed from the default list used when
+[Config.CipherSuites] is nil. The default can be reverted adding `tls3des=1` to
+the GODEBUG environment variable.
"fmt"
"hash"
"internal/cpu"
+ "internal/godebug"
"runtime"
+ "slices"
"golang.org/x/crypto/chacha20poly1305"
)
TLS_RSA_WITH_RC4_128_SHA: true,
}
+var tlsrsakex = godebug.New("tlsrsakex")
+
// rsaKexCiphers contains the ciphers which use RSA based key exchange,
// which we also disable by default unless a GODEBUG is set.
var rsaKexCiphers = map[uint16]bool{
TLS_RSA_WITH_AES_256_GCM_SHA384: true,
}
-var defaultCipherSuites []uint16
-var defaultCipherSuitesWithRSAKex []uint16
+var tls3des = godebug.New("tls3des")
-func init() {
- defaultCipherSuites = make([]uint16, 0, len(cipherSuitesPreferenceOrder))
- defaultCipherSuitesWithRSAKex = make([]uint16, 0, len(cipherSuitesPreferenceOrder))
- for _, c := range cipherSuitesPreferenceOrder {
- if disabledCipherSuites[c] {
- continue
- }
- if !rsaKexCiphers[c] {
- defaultCipherSuites = append(defaultCipherSuites, c)
- }
- defaultCipherSuitesWithRSAKex = append(defaultCipherSuitesWithRSAKex, c)
- }
+// tdesCiphers contains 3DES ciphers,
+// which we also disable by default unless a GODEBUG is set.
+var tdesCiphers = map[uint16]bool{
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: true,
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA: true,
+}
+
+func defaultCipherSuites() []uint16 {
+ suites := slices.Clone(cipherSuitesPreferenceOrder)
+ return slices.DeleteFunc(suites, func(c uint16) bool {
+ return disabledCipherSuites[c] ||
+ tlsrsakex.Value() != "1" && rsaKexCiphers[c] ||
+ tls3des.Value() != "1" && tdesCiphers[c]
+ })
}
// defaultCipherSuitesTLS13 is also the preference order, since there are no
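Review bot: The predicate in defaultCipherSuites mixes `||` and `&&` without parentheses, so whether RSA key exchange and 3DES suites are offered depends on the reader knowing that `&&` binds tighter; I would write each clause as `(tls3des.Value() != "1" && tdesCiphers[c])` and likewise for tlsrsakex. The function also has no doc comment; something like `// defaultCipherSuites returns a new slice of the preference order without disabled suites, and without RSA key exchange or 3DES suites unless tlsrsakex=1 or tls3des=1 is set.` would record the contract. Unlike the removed init, this clones and filters the list on every call, which looks like one allocation per Config.cipherSuites call when CipherSuites is nil, so a benchmark of the handshake path would be worth attaching.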
// If CipherSuites is nil, a safe default list is used. The default cipher
// suites might change over time. In Go 1.22 RSA key exchange based cipher
// suites were removed from the default list, but can be re-added with the
- // GODEBUG setting tlsrsakex=1.
+ // GODEBUG setting tlsrsakex=1. In Go 1.23 3DES cipher suites were removed
+ // from the default list, but can be re-added with the GODEBUG setting
+ // tls3des=1.
CipherSuites []uint16
// PreferServerCipherSuites is a legacy field and has no effect.
return t()
}
-var tlsrsakex = godebug.New("tlsrsakex")
-
func (c *Config) cipherSuites() []uint16 {
if needFIPS() {
return fipsCipherSuites(c)
if c.CipherSuites != nil {
return c.CipherSuites
}
- if tlsrsakex.Value() == "1" {
- return defaultCipherSuitesWithRSAKex
- }
- return defaultCipherSuites
+ return defaultCipherSuites()
}
var supportedVersions = []uint16{
tlsrsakex.Value() // ensure godebug is initialized
tlsrsakex.IncNonDefault()
}
+ if hs.c.config.CipherSuites == nil && !needFIPS() && tdesCiphers[hs.suite.id] {
+ tls3des.Value() // ensure godebug is initialized
+ tls3des.IncNonDefault()
+ }
hs.c.cipherSuite = hs.suite.id
return nil
tlsrsakex.Value() // ensure godebug is initialized
tlsrsakex.IncNonDefault()
}
+ if c.config.CipherSuites == nil && !needFIPS() && tdesCiphers[hs.suite.id] {
+ tls3des.Value() // ensure godebug is initialized
+ tls3des.IncNonDefault()
+ }
for _, id := range hs.clientHello.cipherSuites {
if id == TLS_FALLBACK_SCSV {
t.Errorf("%#04x: suite TLS 1.0-1.2, but SupportedVersions is %v", c.id, cc.SupportedVersions)
}
+ if cc.Insecure {
+ if slices.Contains(defaultCipherSuites(), c.id) {
+ t.Errorf("%#04x: insecure suite in default list", c.id)
+ }
+ } else {
+ if !slices.Contains(defaultCipherSuites(), c.id) {
+ t.Errorf("%#04x: secure suite not in default list", c.id)
+ }
+ }
+
if got := CipherSuiteName(c.id); got != cc.Name {
t.Errorf("%#04x: unexpected CipherSuiteName: got %q, expected %q", c.id, got, cc.Name)
}
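Review bot: The new assertions on `defaultCipherSuites()` cover only the default setting, and no test visible on this page checks that `tls3des=1` actually puts the 3DES suites back. A subtest that calls `t.Setenv("GODEBUG", "tls3des=1")` and asserts `slices.Contains(defaultCipherSuites(), TLS_RSA_WITH_3DES_EDE_CBC_SHA)` would pin the opt-in path. As written the loop also appears to fail if the test process itself is started with tls3des=1 or tlsrsakex=1 in GODEBUG, since insecure suites would then be in the default list. `defaultCipherSuites()` could also be computed once before the loop instead of once per suite. The enclosing test function starts outside this hunk.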
if len(cipherSuitesPreferenceOrderNoAES) != len(cipherSuitesPreferenceOrder) {
t.Errorf("cipherSuitesPreferenceOrderNoAES is not the same size as cipherSuitesPreferenceOrder")
}
- if len(defaultCipherSuites) >= len(defaultCipherSuitesWithRSAKex) {
- t.Errorf("defaultCipherSuitesWithRSAKex should be longer than defaultCipherSuites")
- }
// Check that disabled suites are marked insecure.
for _, badSuites := range []map[uint16]bool{disabledCipherSuites, rsaKexCiphers} {
{Name: "randautoseed", Package: "math/rand"},
{Name: "tarinsecurepath", Package: "archive/tar"},
{Name: "tls10server", Package: "crypto/tls", Changed: 22, Old: "1"},
+ {Name: "tls3des", Package: "crypto/tls", Changed: 23, Old: "1"},
{Name: "tlskyber", Package: "crypto/tls", Changed: 23, Old: "0", Opaque: true},
{Name: "tlsmaxrsasize", Package: "crypto/tls"},
{Name: "tlsrsakex", Package: "crypto/tls", Changed: 22, Old: "1"},
c := ts.Client()
tr := c.Transport.(*Transport)
- tr.TLSClientConfig.CipherSuites = []uint16{tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA}
+ tr.TLSClientConfig.CipherSuites = []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
tr.TLSClientConfig.MaxVersion = tls.VersionTLS12 // to get to pick the cipher suite
tr.Dial = func(netw, addr string) (net.Conn, error) {
return net.Dial(netw, ts.Listener.Addr().String())
if res.TLS == nil {
t.Fatal("Response didn't set TLS Connection State.")
}
- if got, want := res.TLS.CipherSuite, tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA; got != want {
+ if got, want := res.TLS.CipherSuite, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256; got != want {
t.Errorf("TLS Cipher Suite = %d; want %d", got, want)
}
}
The number of non-default behaviors executed by the crypto/tls
package due to a non-default GODEBUG=tls10server=... setting.
+ /godebug/non-default-behavior/tls3des:events
+ The number of non-default behaviors executed by the crypto/tls
+ package due to a non-default GODEBUG=tls3des=... setting.
+
/godebug/non-default-behavior/tlsmaxrsasize:events
The number of non-default behaviors executed by the crypto/tls
package due to a non-default GODEBUG=tlsmaxrsasize=... setting.