Cypherpunks repositories - gostls13.git/commit

]> Cypherpunks repositories - gostls13.git/commit

author	Adam Langley <agl@golang.org>
	Mon, 24 Feb 2014 22:57:51 +0000 (17:57 -0500)
committer	Adam Langley <agl@golang.org>
	Mon, 24 Feb 2014 22:57:51 +0000 (17:57 -0500)
commit	db99a8faa89cdd10435de16a7230fd0ce8e47139
tree	7ed619b40e5526506704ce8205ada9028dc1f285	tree
parent	e6e894500171ee8013713f76660076632f1b355c	commit \| diff

crypto/tls: pick ECDHE curves based on server preference.

Currently an ECDHE handshake uses the client's curve preference. This
generally means that we use P-521. However, P-521's strength is
mismatched with the rest of the cipher suite in most cases and we have
a fast, constant-time implementation of P-256.

With this change, Go servers will use P-256 where the client supports
it although that can be overridden in the Config.

LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/66060043

30 files changed:

src/pkg/crypto/tls/common.go		diff \| blob \| history
src/pkg/crypto/tls/handshake_client.go		diff \| blob \| history
src/pkg/crypto/tls/handshake_messages.go		diff \| blob \| history
src/pkg/crypto/tls/handshake_messages_test.go		diff \| blob \| history
src/pkg/crypto/tls/handshake_server.go		diff \| blob \| history
src/pkg/crypto/tls/handshake_server_test.go		diff \| blob \| history
src/pkg/crypto/tls/key_agreement.go		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-ECDHE-ECDSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-ECDHE-RSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-RSA-RC4		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv11-ECDHE-ECDSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv11-ECDHE-RSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv11-RSA-RC4		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-RSA-RC4		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM		diff \| blob \| history

Go GOST TLS 1.3

RSS Atom