Hello,
1.8 introduces a set of rarely used ciphersuites (SHA-256 CBC). Being
CBC ciphersuites, they are by default vulnerable to timing attacks. The
SHA-1 variants have some partial countermeasures, but these new SHA-256
ones don't.
Judging from
https://github.com/golang/go/issues/15487 they are not
hugely useful, so there is not as strong a compatibility argument as
there is for the rest of the CBC ciphersuites
https://github.com/golang/go/issues/13385
I know it's very very very late in the cycle, but just flagging them
suiteDefaultOff seems a small enough change, non-breaking (since they
are new anyway), that avoids making the safest choice more difficult in
1.9.
Here's a CL:
https://go-review.googlesource.com/c/35290/
Cheers,
Filippo
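
An added example, not part of the message or the linked CL: for a program that sets its cipher suite list explicitly rather than relying on the defaults, this shows one way to keep the SHA-256 CBC suites out of it. The helper names `withoutCBCSHA256` and `hardenedConfig` and the sample list are assumptions made for illustration; the suite constants are the ones exported by crypto/tls.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
)

// The SHA-256 CBC suites the message refers to (constants from crypto/tls).
var cbcSHA256 = map[uint16]bool{
	tls.TLS_RSA_WITH_AES_128_CBC_SHA256:         true,
	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:   true,
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: true,
}

// withoutCBCSHA256 (hypothetical helper) drops those suites, preserving order.
func withoutCBCSHA256(ids []uint16) []uint16 {
	kept := make([]uint16, 0, len(ids))
	for _, id := range ids {
		if !cbcSHA256[id] {
			kept = append(kept, id)
		}
	}
	return kept
}

// hardenedConfig (hypothetical helper) fails rather than return an empty list.
func hardenedConfig(requested []uint16) (*tls.Config, error) {
	kept := withoutCBCSHA256(requested)
	if len(kept) == 0 {
		return nil, errors.New("only SHA-256 CBC suites were requested")
	}
	return &tls.Config{CipherSuites: kept}, nil
}

func main() {
	// Constructed sample: an operator-supplied list that opts in to one of them.
	requested := []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	}
	cfg, err := hardenedConfig(requested)
	if err != nil {
		panic(err)
	}
	for _, id := range cfg.CipherSuites {
		fmt.Println(tls.CipherSuiteName(id))
	}
}
```

The SHA-1 CBC suite in the sample is deliberately left in place, since the filter targets only the SHA-256 variants the message singles out.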