Commits · f1d669aee994b28e1afcfe974680565932d25b70 · Kirill Smelkov / go

An error occurred fetching the project authors.

04 Feb, 2015 1 commit

crypto/tls: add support for AES_256_GCM_SHA384 cipher suites specified in RFC5289 · f1d669ae

Jacob H. Haven authored 10 years ago

Generalizes PRF calculation for TLS 1.2 to support arbitrary hashes (SHA-384 instead of SHA-256).
Testdata were all updated to correspond with the new cipher suites in the handshake.

Change-Id: I3d9fc48c19d1043899e38255a53c80dc952ee08f
Reviewed-on: https://go-review.googlesource.com/3265Reviewed-by: Adam Langley <agl@golang.org>

f1d669ae

08 Sep, 2014 1 commit

build: move package sources from src/pkg to src · c007ce82

Russ Cox authored 10 years ago

Preparation was in CL 134570043.
This CL contains only the effect of 'hg mv src/pkg/* src'.
For more about the move, see golang.org/s/go14nopkg.

c007ce82

24 Feb, 2014 1 commit

crypto/tls: pick ECDHE curves based on server preference. · db99a8fa

Adam Langley authored 11 years ago

Currently an ECDHE handshake uses the client's curve preference. This
generally means that we use P-521. However, P-521's strength is
mismatched with the rest of the cipher suite in most cases and we have
a fast, constant-time implementation of P-256.

With this change, Go servers will use P-256 where the client supports
it although that can be overridden in the Config.

LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/66060043

db99a8fa

09 Jan, 2014 1 commit

crypto/tls: support renegotiation extension. · 779ef7bd

Adam Langley authored 11 years ago

The renegotiation extension was introduced[1] due to an attack by Ray in
which a client's handshake was spliced into a connection that was
renegotiating, thus giving an attacker the ability to inject an
arbitary prefix into the connection.

Go has never supported renegotiation as a server and so this attack
doesn't apply. As a client, it's possible that at some point in the
future the population of servers will be sufficiently updated that
it'll be possible to reject connections where the server hasn't
demonstrated that it has been updated to address this problem.

We're not at that point yet, but it's good for Go servers to support
the extension so that it might be possible to do in the future.

[1] https://tools.ietf.org/search/rfc5746

R=golang-codereviews, mikioh.mikioh
CC=golang-codereviews
https://golang.org/cl/48580043

779ef7bd

20 Dec, 2013 1 commit

crypto/tls: rework reference tests. · 6f149492

Adam Langley authored 11 years ago

The practice of storing reference connections for testing has worked
reasonably well, but the large blocks of literal data in the .go files
is ugly and updating the tests is a real problem because their number
has grown.

This CL changes the way that reference tests work. It's now possible to
automatically update the tests and the test data is now stored in
testdata/. This should make it easier to implement changes that affect
all connections, like implementing the renegotiation extension.

R=golang-codereviews, r
CC=golang-codereviews
https://golang.org/cl/42060044

6f149492