crypto/tls: Improve ambiguous comment in cipher_suites.go
A comment existed referencing RC4 coming before AES because of it's vulnerability to the Lucky 13 attack. This clarifies that the Lucky 13 attack only effects AES-CBC, and not AES-GCM. Fixes #14474 Change-Id: Idcb07b5e0cdb0f9257cf75abea60129ba495b5f5 Reviewed-on: https://go-review.googlesource.com/19845 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
parent
5663f22172
commit
fd1ada09a1
@ -74,7 +74,7 @@ type cipherSuite struct {
|
|||||||
|
|
||||||
var cipherSuites = []*cipherSuite{
|
var cipherSuites = []*cipherSuite{
|
||||||
// Ciphersuite order is chosen so that ECDHE comes before plain RSA
|
// Ciphersuite order is chosen so that ECDHE comes before plain RSA
|
||||||
// and RC4 comes before AES (because of the Lucky13 attack).
|
// and RC4 comes before AES-CBC (because of the Lucky13 attack).
|
||||||
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM},
|
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM},
|
||||||
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadAESGCM},
|
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadAESGCM},
|
||||||
{TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
|
{TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
|
||||||
|
Loading…
Reference in New Issue
Block a user