crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 [1.20 backport] #64718

gopherbot · 2023-12-14T16:07:40Z

@FiloSottile requested issue #64717 to be considered for backport to the next 1.20 minor release.

@gopherbot please open backport issues. All supported Go versions need to be able to comply with NIST SP 800-52 Rev. 2 in GOEXPERIMENT=boringcrypto mode.

/cc @golang/release @golang/security @rsc

The text was updated successfully, but these errors were encountered:

mdempsky · 2024-01-03T17:23:58Z

@FiloSottile Do you plan to create a backport CL? Thanks.

FiloSottile · 2024-01-04T09:15:13Z

Sorry, I had missed the transition to CherryPickApproved. Mailing it today.

gopherbot · 2024-01-04T09:33:50Z

Change https://go.dev/cl/553875 mentions this issue: [release-branch.go1.20] crypto/internal/boring: upgrade module to fips-20220613

gopherbot · 2024-01-04T09:33:52Z

Change https://go.dev/cl/553876 mentions this issue: [release-branch.go1.20] crypto/tls: align FIPS-only mode with BoringSSL policy

gopherbot · 2024-01-04T22:34:46Z

Closed by merging 9e4abed to release-branch.go1.20.

…s-20220613 Also, add EVP_aead_aes_*_gcm_tls13 to the build, which we will need in a following CL, to avoid rebuilding the syso twice. Updates #64717 Updates #62372 Updates #64718 Change-Id: Ie4d853ad9b914c1095cad60694a1ae6f77dc22ce Cq-Include-Trybots: luci.golang.try:go1.20-linux-amd64-boringcrypto Reviewed-on: https://go-review.googlesource.com/c/go/+/549695 Reviewed-by: Than McIntosh <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/553875 Auto-Submit: Matthew Dempsky <[email protected]> Reviewed-by: Matthew Dempsky <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>

…SL policy This enables TLS 1.3, disables P-521, and disables non-ECDHE suites. Updates #64717 Updates #62372 Fixes #64718 Change-Id: I3a65b239ef0198bbdbe5e55e0810e7128f90a091 Reviewed-on: https://go-review.googlesource.com/c/go/+/549975 Reviewed-by: Roland Shoemaker <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Than McIntosh <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/553876 Run-TryBot: Matthew Dempsky <[email protected]> Auto-Submit: Matthew Dempsky <[email protected]> Reviewed-by: Matthew Dempsky <[email protected]> TryBot-Result: Gopher Robot <[email protected]>

gopherbot added the CherryPickCandidate Used during the release process for point releases label Dec 14, 2023

gopherbot mentioned this issue Dec 14, 2023

crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 [freeze exception] #64717

Closed

gopherbot added this to the Go1.20.13 milestone Dec 14, 2023

cagedmantis added the CherryPickApproved Used during the release process for point releases label Dec 20, 2023

gopherbot removed the CherryPickCandidate Used during the release process for point releases label Dec 20, 2023

gopherbot closed this as completed Jan 4, 2024

golang locked and limited conversation to collaborators Jan 3, 2025

gopherbot added the FrozenDueToAge label Jan 3, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 [1.20 backport] #64718

crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 [1.20 backport] #64718

gopherbot commented Dec 14, 2023

mdempsky commented Jan 3, 2024

FiloSottile commented Jan 4, 2024

gopherbot commented Jan 4, 2024

gopherbot commented Jan 4, 2024

gopherbot commented Jan 4, 2024

crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 [1.20 backport] #64718

crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 [1.20 backport] #64718

Comments

gopherbot commented Dec 14, 2023

mdempsky commented Jan 3, 2024

FiloSottile commented Jan 4, 2024

gopherbot commented Jan 4, 2024

gopherbot commented Jan 4, 2024

gopherbot commented Jan 4, 2024