Files · a337091b0525af65de94df2eb7e98bd9962dcbe2 · go / net

http2: require either ECDSA or RSA ciphersuite · a337091b

Anmol Sethi authored Oct 09, 2016

The HTTP/2 RFC does indeed mandate TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
but in practice, people are also using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
becuase they are only using an ECDSA certificate. This is the case in acme/autocert.

It doesn't make sense to enforce only RSA in cipher suites if it will
never be used because they are using a ECDSA certificate.

Change-Id: I86dac192a3eb9b74e4268310a3b550b3bd88a37f
Reviewed-on: https://go-review.googlesource.com/30721Reviewed-by: Tom Bergan <tombergan@google.com>
Run-TryBot: Tom Bergan <tombergan@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

a337091b

Name	Last commit	Last update
bpf		Loading commit data...
context		Loading commit data...
dict		Loading commit data...
dns/dnsmessage		Loading commit data...
html		Loading commit data...
http2		Loading commit data...
icmp		Loading commit data...
idna		Loading commit data...
internal		Loading commit data...
ipv4		Loading commit data...
ipv6		Loading commit data...
lex/httplex		Loading commit data...
lif		Loading commit data...
nettest		Loading commit data...
netutil		Loading commit data...
proxy		Loading commit data...
publicsuffix		Loading commit data...
route		Loading commit data...
trace		Loading commit data...
webdav		Loading commit data...
websocket		Loading commit data...
xsrftoken		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
AUTHORS		Loading commit data...
CONTRIBUTING.md		Loading commit data...
CONTRIBUTORS		Loading commit data...
LICENSE		Loading commit data...
PATENTS		Loading commit data...
README.md		Loading commit data...
codereview.cfg		Loading commit data...

README.md