diff options
-rw-r--r-- | src/crypto/tls/boring.go | 2 | ||||
-rw-r--r-- | src/crypto/tls/boring_test.go | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/crypto/tls/boring.go b/src/crypto/tls/boring.go index dabc67423d..63957c7442 100644 --- a/src/crypto/tls/boring.go +++ b/src/crypto/tls/boring.go @@ -91,7 +91,7 @@ func isBoringCertificate(c *x509.Certificate) bool { default: return false case *rsa.PublicKey: - if size := k.N.BitLen(); size != 2048 && size != 3072 { + if size := k.N.BitLen(); size != 2048 && size != 3072 && size != 4096 { return false } case *ecdsa.PublicKey: diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go index 8dd477a021..f7a2e03590 100644 --- a/src/crypto/tls/boring_test.go +++ b/src/crypto/tls/boring_test.go @@ -309,7 +309,7 @@ func TestBoringCertAlgs(t *testing.T) { // Set up some roots, intermediate CAs, and leaf certs with various algorithms. // X_Y is X signed by Y. R1 := boringCert(t, "R1", boringRSAKey(t, 2048), nil, boringCertCA|boringCertFIPSOK) - R2 := boringCert(t, "R2", boringRSAKey(t, 4096), nil, boringCertCA) + R2 := boringCert(t, "R2", boringRSAKey(t, 1024), nil, boringCertCA) M1_R1 := boringCert(t, "M1_R1", boringECDSAKey(t, elliptic.P256()), R1, boringCertCA|boringCertFIPSOK) M2_R1 := boringCert(t, "M2_R1", boringECDSAKey(t, elliptic.P224()), R1, boringCertCA) |