    crypto/tls: recommend P256 elliptic curve · 26c2926f
    Kevin Burke authored
    Users (like myself) may be tempted to think the higher-numbered curve
    is somehow better or more secure, but P256 is currently the best
    ECDSA implementation, due to its better support in TLS clients, and a
    constant time implementation.
    
    For example, sites that present a certificate signed with P521
    currently fail to load in Chrome stable, and the error on the Go side
    says simply "remote error: tls: illegal parameter".
    
    Fixes #19901.
    
    Change-Id: Ia5e689e7027ec423624627420e33029c56f0bd82
    Reviewed-on: https://go-review.googlesource.com/40211
    Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
generate_cert.go 4.28 KB