Disabling SHA-256 CBC ciphersuites by default in 1.8


Filippo Valsorda

Jan 16, 2017, 7:06:51 PM
to golan...@googlegroups.com, a...@golang.org, Brad Fitzpatrick
Hello,

1.8 introduces a set of rarely used ciphersuites (SHA-256 CBC). Being
CBC ciphersuites, they are by default vulnerable to timing attacks. The
SHA-1 variants have some partial countermeasures, but these new SHA-256
ones don't.

Judging from https://github.com/golang/go/issues/15487 they are not
hugely useful, so there is not as strong a compatibility argument as
there is for the rest of the CBC ciphersuites
https://github.com/golang/go/issues/13385

I know it's very very very late in the cycle, but just flagging them
suiteDefaultOff seems a small enough change, non-breaking (since they
are new anyway), that avoids making the safest choice more difficult in
1.9.

Here's a CL https://go-review.googlesource.com/c/35290/

Cheers,
Filippo
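The proposal above changes a library default. An operator who wants the same effect on their own servers without waiting for the default to flip can exclude the suites explicitly in tls.Config. The following is an added example, not code from the thread or from the CL; it uses the real crypto/tls constants for the three SHA-256 CBC suites and the tls.CipherSuites() and Config.Clone() APIs, which are assumed to be available (Go 1.14 and later) and postdate this thread:

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// The three SHA-256 CBC suites added in Go 1.8 that the thread proposes
// to mark suiteDefaultOff; these are the real crypto/tls constants.
var cbcSHA256 = map[uint16]bool{
	tls.TLS_RSA_WITH_AES_128_CBC_SHA256:         true,
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: true,
	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:   true,
}

// WithoutCBCSHA256 returns a copy of ids with the SHA-256 CBC suites
// removed; the order of the remaining suites is preserved.
func WithoutCBCSHA256(ids []uint16) []uint16 {
	out := make([]uint16, 0, len(ids))
	for _, id := range ids {
		if !cbcSHA256[id] {
			out = append(out, id)
		}
	}
	return out
}

// HardenedConfig returns a copy of base whose CipherSuites list excludes
// the SHA-256 CBC suites. A nil list means "library defaults", so it is
// expanded from tls.CipherSuites() (assumed Go 1.14+) before filtering.
func HardenedConfig(base *tls.Config) *tls.Config {
	c := base.Clone()
	ids := c.CipherSuites
	if ids == nil {
		for _, s := range tls.CipherSuites() {
			ids = append(ids, s.ID)
		}
	}
	c.CipherSuites = WithoutCBCSHA256(ids)
	return c
}

func main() {
	for _, id := range HardenedConfig(&tls.Config{}).CipherSuites {
		fmt.Println(tls.CipherSuiteName(id))
	}
}
```

The SHA-1 CBC suites are deliberately left in place, matching the compatibility argument in the thread; a stricter deployment would filter those too.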

Brad Fitzpatrick

Jan 17, 2017, 12:35:01 PM
to Filippo Valsorda, golang-dev, Adam Langley
SGTM, if agl is happy, and (per the CL) agl is happy.