From 320cfd8f47540ce1c09c39db951e8de6d27da099 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 19 Jun 2013 16:46:53 -0400 Subject: [PATCH] crypto/tls: change advertised ciphersuite order. TLS clients send ciphersuites in preference order (most prefereable first). This change alters the order so that ECDHE comes before plain RSA, and RC4 comes before AES (because of the Lucky13 attack). This is unlikely to have much effect: as a server, the code uses the client's ciphersuite order by default and, as a client, the non-Go server probably imposes its order. R=golang-dev, r, raggi, jsing CC=golang-dev https://golang.org/cl/10372045 --- cipher_suites.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/cipher_suites.go b/cipher_suites.go index 11181e4..a9cd5c4 100644 --- a/cipher_suites.go +++ b/cipher_suites.go @@ -52,14 +52,16 @@ type cipherSuite struct { } var cipherSuites = []*cipherSuite{ - {TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, rsaKA, false, cipherRC4, macSHA1}, - {TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, rsaKA, false, cipher3DES, macSHA1}, - {TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, false, cipherAES, macSHA1}, - {TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, false, cipherAES, macSHA1}, + // Ciphersuite order is chosen so that ECDHE comes before plain RSA + // and RC4 comes before AES (because of the Lucky13 attack). {TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheRSAKA, true, cipherRC4, macSHA1}, - {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheRSAKA, true, cipher3DES, macSHA1}, {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheRSAKA, true, cipherAES, macSHA1}, {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, true, cipherAES, macSHA1}, + {TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, rsaKA, false, cipherRC4, macSHA1}, + {TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, false, cipherAES, macSHA1}, + {TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, false, cipherAES, macSHA1}, + {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheRSAKA, true, cipher3DES, macSHA1}, + {TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, rsaKA, false, cipher3DES, macSHA1}, } func cipherRC4(key, iv []byte, isRead bool) interface{} {