FAQ
I stopped the review at this point.

Fixed ECDH is a very obscure corner of TLS that very little supports.
Client-auth with fixed ECDH is basically unheard of.

I'm hesitant that we want the cost of code this odd. Are you sure that
you don't want ECDHE_ECDSA?


https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/cipher_suites.go
File src/pkg/crypto/tls/cipher_suites.go (right):

https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/cipher_suites.go#newcode59
src/pkg/crypto/tls/cipher_suites.go:59:
{TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdhECDSAKA, true,
cipherRC4, macSHA1},
ECDH_ECDSA, not ECDHE_ECDSA? That's a very obscure ciphersuite and
probably not what you wanted.

https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/common.go
File src/pkg/crypto/tls/common.go (right):

https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/common.go#newcode99
src/pkg/crypto/tls/common.go:99: certTypeRSAFixedECDH = 65 // A
certificate containing an ECDH-capable public key, signed with RSA.
"A certificate containing an ECDH public value, signed with RSA"

https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/common.go#newcode100
src/pkg/crypto/tls/common.go:100: certTypeECDSAFixedECDH = 66 // A
certificate containing an ECDH-capable public key, signed with ECDSA.
ditto, but with ECDSA of course.

https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/handshake_client.go
File src/pkg/crypto/tls/handshake_client.go (right):

https://codereview.appspot.com/6775043/diff/17001/src/pkg/crypto/tls/handshake_client.go#newcode199
src/pkg/crypto/tls/handshake_client.go:199: case certTypeECDSAFixedECDH:
client auth with fixed ECDH is even more obscure than fixed ECDH
server-side!

https://codereview.appspot.com/6775043/

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupgolang-dev @
categoriesgo
postedNov 26, '12 at 3:38p
activeNov 26, '12 at 3:38p
posts1
users1
websitegolang.org

1 user in discussion

Agl: 1 post

People

Translate

site design / logo © 2022 Grokbase