Go GOST TLS 1.3

This is a fork of Go 1.23.4 with:

You can build it with the following steps:

GOST-related crypto/tls.SignatureSchemes are not enabled by default, because enabling them would make the native unit tests fail. crypto/tls also provides no way to control the TLS 1.3 cipher suite choice, and the GOST-related suites are not enabled by default either. Use the tls.GOSTInstall*() functions to enable all of that.

Pay attention that:

Look at src/crypto/x509/x509_test.go and src/crypto/tls/gost_test.go for example usage.

If you want GOST TLS 1.3 support to be always enabled, you can simply:

$ cat >>src/crypto/tls/gost.go <<EOF
func init() {
    GOSTInstall()
}
EOF

GOST preferred client connection:

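// serverCertGOST is the server's GOST certificate (*x509.Certificate), loaded elsewhere.
serverCAs := x509.NewCertPool()
serverCAs.AddCert(serverCertGOST)
clientConfig := &tls.Config{
    // Pin the connection to TLS 1.3 and offer the GOST curve for key exchange.
    MinVersion:       tls.VersionTLS13,
    MaxVersion:       tls.VersionTLS13,
    CurvePreferences: []tls.CurveID{tls.GOSTCurve256A},
    RootCAs:          serverCAs,
    ServerName:       "server.com",
}
conn, err := tls.Dial("tcp", "...", clientConfig)
if err != nil {
    log.Fatal(err)
}
defer conn.Close()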
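
The configuration above expresses a preference, so a deployment that requires GOST may want to confirm what the handshake actually negotiated. The following is an added example, not code from this fork: RequireGOST is a hypothetical helper, the code points are the TLS 1.3 GOST suites registered by RFC 9367, and it assumes the fork reports them through tls.ConnectionState.CipherSuite.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// TLS 1.3 GOST cipher suite code points from RFC 9367, written as raw values
// so the check also compiles with stock Go (the fork may export named constants).
var gostTLS13Suites = map[uint16]string{
	0xC103: "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L",
	0xC104: "TLS_GOSTR341112_256_WITH_MAGMA_MGM_L",
	0xC105: "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S",
	0xC106: "TLS_GOSTR341112_256_WITH_MAGMA_MGM_S",
}

// RequireGOST (hypothetical helper) returns the negotiated suite name, or an
// error if the finished handshake is not TLS 1.3 with a GOST cipher suite.
func RequireGOST(cs tls.ConnectionState) (string, error) {
	if !cs.HandshakeComplete {
		return "", fmt.Errorf("handshake not complete")
	}
	if cs.Version != tls.VersionTLS13 {
		return "", fmt.Errorf("negotiated version 0x%04x, want TLS 1.3", cs.Version)
	}
	name, ok := gostTLS13Suites[cs.CipherSuite]
	if !ok {
		return "", fmt.Errorf("non-GOST cipher suite %s negotiated", tls.CipherSuiteName(cs.CipherSuite))
	}
	// This covers the record protection suite only, not the key exchange group
	// or the certificate signature scheme.
	return name, nil
}

func main() {
	// Constructed states standing in for conn.ConnectionState() after tls.Dial.
	samples := []tls.ConnectionState{
		{HandshakeComplete: true, Version: tls.VersionTLS13, CipherSuite: 0xC103},
		{HandshakeComplete: true, Version: tls.VersionTLS13, CipherSuite: tls.TLS_AES_128_GCM_SHA256},
	}
	for _, cs := range samples {
		name, err := RequireGOST(cs)
		fmt.Printf("suite=%q err=%v\n", name, err)
	}
}
```

In a client, call RequireGOST(conn.ConnectionState()) right after tls.Dial returns and close the connection on error.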