An error occurred fetching the project authors.
- 09 Jan, 2014 1 commit
-
-
Adam Langley authored
The renegotiation extension was introduced[1] due to an attack by Ray in which a client's handshake was spliced into a connection that was renegotiating, thus giving an attacker the ability to inject an arbitary prefix into the connection. Go has never supported renegotiation as a server and so this attack doesn't apply. As a client, it's possible that at some point in the future the population of servers will be sufficiently updated that it'll be possible to reject connections where the server hasn't demonstrated that it has been updated to address this problem. We're not at that point yet, but it's good for Go servers to support the extension so that it might be possible to do in the future. [1] https://tools.ietf.org/search/rfc5746 R=golang-codereviews, mikioh.mikioh CC=golang-codereviews https://golang.org/cl/48580043
-
- 20 Dec, 2013 1 commit
-
-
Adam Langley authored
The practice of storing reference connections for testing has worked reasonably well, but the large blocks of literal data in the .go files is ugly and updating the tests is a real problem because their number has grown. This CL changes the way that reference tests work. It's now possible to automatically update the tests and the test data is now stored in testdata/. This should make it easier to implement changes that affect all connections, like implementing the renegotiation extension. R=golang-codereviews, r CC=golang-codereviews https://golang.org/cl/42060044
-