]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: d361691) | patch
crypto/tls: de-prioritize AES-GCM ciphers when lacking hardware support
authorRoland Shoemaker <rolandshoemaker@gmail.com>
Fri, 16 Oct 2020 01:32:20 +0000 (18:32 -0700)
committerRoland Shoemaker <roland@golang.org>
Tue, 10 Nov 2020 01:40:27 +0000 (01:40 +0000)
commit9f39a43e0d728721d5a9e2586ce47a57585591c5
tree7c67a9250cd902b928fe4fb56184bc5880651753tree
parentd36169120199e7f2b8c517fa6d82333496bb0a0acommit | diff
crypto/tls: de-prioritize AES-GCM ciphers when lacking hardware support

When either the server or client are lacking hardware support for
AES-GCM ciphers, indicated by the server lacking the relevant
instructions and by the client not putting AES-GCM ciphers at the top
of its preference list, reorder the preference list to de-prioritize
AES-GCM based ciphers when they are adjacent to other AEAD ciphers.

Also updates a number of recorded openssl TLS tests which previously
only specified TLS 1.2 cipher preferences (using -cipher), but not
TLS 1.3 cipher preferences (using -ciphersuites), to specify both
preferences, making these tests more predictable.

Fixes #41181.

Change-Id: Ied896c96c095481e755aaff9ff0746fb4cb9568e
Reviewed-on: https://go-review.googlesource.com/c/go/+/262857
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
38 files changed:
doc/go1.16.html diff | blob | history
src/crypto/tls/common.go diff | blob | history
src/crypto/tls/handshake_server.go diff | blob | history
src/crypto/tls/handshake_server_test.go diff | blob | history
src/crypto/tls/handshake_server_tls13.go diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-ALPN diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-ALPN-NoMatch diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndEd25519Given diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-Ed25519 diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-ExportKeyingMaterial diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-IssueTicket diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPKCS1v15 diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPSS diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-Resume diff | blob | history
src/crypto/tls/testdata/Server-TLSv12-ResumeDisabled diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-ALPN diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-ALPN-NoMatch diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndECDSAGiven diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndEd25519Given diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedNotGiven diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-Ed25519 diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-ExportKeyingMaterial diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-HelloRetryRequest diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-IssueTicket diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-IssueTicketPreDisable diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-P256 diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-RSA-RSAPSS diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-RSA-RSAPSS-TooSmall diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-Resume diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-Resume-HelloRetryRequest diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-ResumeDisabled diff | blob | history
src/crypto/tls/testdata/Server-TLSv13-X25519 diff | blob | history
Go GOST TLS 1.3