From 92d04f3ebdc9c6ebe10c24ddbb809dd90a66d5b9 Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Mon, 27 Nov 2017 16:44:01 +0000
Subject: [PATCH] tris: advertise PSS in Client Hello for TLS 1.3

Until PSS support is finalized for TLS 1.2, let's not advertise support for that. Since TLS 1.3 however mandates PSS, we have no other option than advertising this even if we have not added complete support.

Another reason why I apply it to just TLS 1.3 and not 1.2 is because the latter would require updating the testdata.
---
 common.go           | 16 ++++++++++++++++
 handshake_client.go |  1 +
 2 files changed, 17 insertions(+)

diff --git a/common.go b/common.go
index 80bab19..5526aa4 100644
--- a/common.go
+++ b/common.go
@@ -184,6 +184,22 @@ var supportedSignatureAlgorithms = []SignatureScheme{
 	ECDSAWithSHA1,
 }
 
+// supportedSignatureAlgorithms13 lists the advertised signature algorithms
+// allowed for digital signatures. It includes TLS 1.2 + PSS.
+var supportedSignatureAlgorithms13 = []SignatureScheme{
+	PSSWithSHA256,
+	PKCS1WithSHA256,
+	ECDSAWithP256AndSHA256,
+	PSSWithSHA384,
+	PKCS1WithSHA384,
+	ECDSAWithP384AndSHA384,
+	PSSWithSHA512,
+	PKCS1WithSHA512,
+	ECDSAWithP521AndSHA512,
+	PKCS1WithSHA1,
+	ECDSAWithSHA1,
+}
+
 // ConnectionState records basic TLS details about the connection.
 type ConnectionState struct {
 	ConnectionID []byte // Random unique connection id
diff --git a/handshake_client.go b/handshake_client.go
index a3c4cfc..c328fdd 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -105,6 +105,7 @@ NextCipherSuite:
 		// set legacy_version to TLS 1.2 for backwards compatibility.
 		hello.vers = VersionTLS12
 		hello.supportedVersions = config.getSupportedVersions()
+		hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms13
 	}
 
 	return hello, nil
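Review bot: The comment on `supportedSignatureAlgorithms13` should explain why a list named for TLS 1.3 still carries `PKCS1WithSHA1`, `ECDSAWithSHA1` and the other PKCS#1 v1.5 entries: TLS 1.3 does not permit SHA-1 or RSASSA-PKCS1-v1_5 signatures in CertificateVerify, so those entries only serve the TLS 1.2 fallback that legacy_version keeps open and must not be accepted by the TLS 1.3 verification path. Suggested wording: `// supportedSignatureAlgorithms13 is offered by clients that enable TLS 1.3. It adds the PSS schemes TLS 1.3 requires; the PKCS#1 v1.5 and SHA-1 entries remain only for TLS 1.2 fallback.` The commit message also says PSS verification is not yet complete, so the comment should record that a server selecting a PSS scheme the client cannot verify must fail the handshake rather than be skipped.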
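Review bot: The new assignment advertises `supportedSignatureAlgorithms13` while, per the commit message, PSS verification is not complete, so a server that selects a PSS scheme will presumably make the handshake fail at signature verification; that is the safe outcome, but it deserves a comment at the assignment, e.g. `// TLS 1.3 requires PSS; PSS verification is still incomplete, so a server selecting a PSS scheme fails the handshake.` The assignment also aliases the package-level slice into `hello`, so any later in-place edit of `hello.supportedSignatureAlgorithms` would modify the shared default; if such edits exist elsewhere, clone the slice here instead. The enclosing `if` block begins outside the hunk, and no test in this patch asserts that the PSS schemes appear in the ClientHello when TLS 1.3 is enabled.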