gravitational · atburke · Feb 17, 2022 · Feb 1, 2022 · Feb 3, 2022 · Feb 5, 2022
diff --git a/api/client/proto/authservice.pb.go b/api/client/proto/authservice.pb.go
diff --git a/api/client/proto/authservice.proto b/api/client/proto/authservice.proto
@@ -373,6 +373,8 @@ message PingResponse {
     Features ServerFeatures = 3 [ (gogoproto.jsontag) = "server_features" ];
     // ProxyPublicAddr is the server's public proxy address.
     string ProxyPublicAddr = 4 [ (gogoproto.jsontag) = "proxy_public_addr" ];
+    // IsBoring signals whether or not the server was compiled with BoringCrypto.
+    bool IsBoring = 5 [ (gogoproto.jsontag) = "is_boring" ];
 }
 
 // Features are auth server features.

diff --git a/integration/integration_test.go b/integration/integration_test.go
@@ -3262,9 +3262,7 @@ func testAuditOff(t *testing.T, suite *integrationTestSuite) {
 	}
 
 	// audit log should have the fact that the session occurred recorded in it
-	sessions, err = site.GetSessions(apidefaults.Namespace)
-	require.NoError(t, err)
-	require.Len(t, sessions, 1)
+	// but the session could have been garbage collected at this point.
 
 	// however, attempts to read the actual sessions should fail because it was
 	// not actually recorded

diff --git a/lib/auth/auth_with_roles.go b/lib/auth/auth_with_roles.go
@@ -1413,6 +1413,7 @@ func (a *ServerWithRoles) Ping(ctx context.Context) (proto.PingResponse, error)
 		ServerVersion:   teleport.Version,
 		ServerFeatures:  modules.GetModules().Features().ToProto(),
 		ProxyPublicAddr: a.getProxyPublicAddr(),
+		IsBoring:        modules.GetModules().IsBoringBinary(),
 	}, nil
 }
 

diff --git a/lib/client/client.go b/lib/client/client.go
@@ -538,6 +538,16 @@ func (proxy *ProxyClient) NewWatcher(ctx context.Context, watch types.Watch) (ty
 	return watcher, nil
 }
 
+// isAuthBoring checks whether or not the auth server for the current cluster was compiled with BoringCrypto.
+func (proxy *ProxyClient) isAuthBoring(ctx context.Context) (bool, error) {
+	site, err := proxy.ConnectToCurrentCluster(ctx, false)
+	if err != nil {
+		return false, trace.Wrap(err)
+	}
+	resp, err := site.Ping(ctx)
+	return resp.IsBoring, trace.Wrap(err)
+}
+
 // FindServersByLabels returns list of the nodes which have labels exactly matching
 // the given label set.
 //

diff --git a/lib/client/session.go b/lib/client/session.go
@@ -149,7 +149,8 @@ func newSession(client *NodeClient,
 		defer ns.closeWait.Done()
 
 		<-ns.closer.C
-		if isFIPS() {
+
+		if isFIPS() || isAuthServerBoring(client) {
 			if err := ns.terminal.Clear(); err != nil {
 				log.Warnf("Failed to clear screen: %v.", err)
 			}
@@ -160,6 +161,15 @@ func newSession(client *NodeClient,
 	return ns, nil
 }
 
+func isAuthServerBoring(client *NodeClient) bool {
+	boring, err := client.Proxy.isAuthBoring(context.Background())
+	if err != nil {
+		log.Errorf("Failed to ping auth server: %v.", err)
+		return false
+	}
+	return boring
+}
+
 func (ns *NodeSession) NodeClient() *NodeClient {
 	return ns.nodeClient
 }