net/http: update bundled http2
authorBrad Fitzpatrick <bradfitz@golang.org>
Thu, 30 Jun 2016 22:11:22 +0000 (22:11 +0000)
committerBrad Fitzpatrick <bradfitz@golang.org>
Thu, 30 Jun 2016 23:21:30 +0000 (23:21 +0000)
Updates x/net/http2 to git rev b400c2e for https://golang.org/cl/24214,
"http2: add additional blacklisted ciphersuites"

Both TLS_RSA_WITH_AES_128_GCM_SHA256 & TLS_RSA_WITH_AES_256_GCM_SHA384
are now blacklisted, per http://httpwg.org/specs/rfc7540.html#BadCipherSuites

Change-Id: I8b9a7f4dc3c152d0675e196523ddd36111744984
Reviewed-on: https://go-review.googlesource.com/24684
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

src/net/http/h2_bundle.go

index 68c05d559cefe771a528399621235b6ccee14d9c..352a41d41405b1469ed2f76cf276b286aca7dd48 100644 (file)
@@ -1992,6 +1992,29 @@ func http2transportExpectContinueTimeout(t1 *Transport) time.Duration {
        return t1.ExpectContinueTimeout
 }
 
+// isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec.
+func http2isBadCipher(cipher uint16) bool {
+       switch cipher {
+       case tls.TLS_RSA_WITH_RC4_128_SHA,
+               tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+               tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+               tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+               tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+               tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+               tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+               tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+               tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+               tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+               tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+               tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+               tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+
+               return true
+       default:
+               return false
+       }
+}
+
 type http2contextContext interface {
        context.Context
 }
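Review bot: `http2isBadCipher` fails open: any suite ID not named in the `case` list reaches `default` and returns false, and the list names only `crypto/tls` constants, whereas the RFC 7540 list of bad cipher suites linked in the commit message is far longer. That is safe only while every suite from that list that `crypto/tls` can negotiate is also named here, so a suite added to `crypto/tls` later would pass unnoticed unless this list is extended in the same change. I would record that invariant above the function, e.g. `// Only suites defined by crypto/tls are listed; unlisted IDs are reported as acceptable, so extend this list whenever crypto/tls gains a suite from RFC 7540 Appendix A.` The doc comment also still opens with `isBadCipher` rather than the bundled name `http2isBadCipher`. Since the commit message says this file is bundled from x/net/http2, both comment changes belong upstream rather than in this file.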
@@ -2999,27 +3022,6 @@ func (s *http2Server) ServeConn(c net.Conn, opts *http2ServeConnOpts) {
        sc.serve()
 }
 
-// isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec.
-func http2isBadCipher(cipher uint16) bool {
-       switch cipher {
-       case tls.TLS_RSA_WITH_RC4_128_SHA,
-               tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-               tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-               tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-               tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-               tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-               tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-               tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-               tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-               tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-               tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
-
-               return true
-       default:
-               return false
-       }
-}
-
 func (sc *http2serverConn) rejectConn(err http2ErrCode, debug string) {
        sc.vlogf("http2: server rejecting conn: %v, %s", err, debug)