Our security team requires the TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 cipher suite. Is there any plan to add it in Go?
Go version (`go version`): 1.8.3 and 1.9
/cc @agl @FiloSottile and other crypto folks
We added the AES_128/SHA256 variant in #15487. Off by default because #13385.
This would be the only suite with a SHA384 MAC.
Not a fan of enabling CBC to keep going on in this world (as opposed to AEAD modes) except as a backwards compatibility crutch. But based on what @agl decides, happy to implement it.
@weinong, is that really the _only_ suite allowed by your security team? If not, what other ones are allowed? If so, do you know the rationale? It sounds like we might not want to allow this one by default, but maybe another is available?
I added the CBC + SHA-256 cipher suites in a moment of weakness and regret it. I would prefer not to compound that error.
No response to why. Declining.
Some outbound outlook.com SMTP relays try to use this cipher suite. There is no other suite in the Go tls package that matches, so those connections cannot use STARTTLS.
This is not a particularly compelling argument for adding support, rather than Microsoft fixing their servers, but it offers at least some explanation.
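An added example, not part of the thread or of the Go project's code: it checks how `crypto/tls` treats a suite ID and which suites from a peer's offer a Go endpoint could select. It assumes Go 1.14 or later (for `tls.CipherSuites` and `tls.InsecureCipherSuites`); the offer lists are constructed, and `classify` and `negotiable` are hypothetical helper names.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// IANA code point for TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, the suite
// requested in this thread. crypto/tls defines no constant for it.
const ecdheRSAAES256CBCSHA384 uint16 = 0xC028

const (
	Implemented     = "implemented"
	FlaggedInsecure = "implemented, opt-in only (InsecureCipherSuites)"
	NotImplemented  = "not implemented"
)

// classify reports how crypto/tls treats a cipher suite ID.
func classify(id uint16) string {
	for _, s := range tls.CipherSuites() {
		if s.ID == id {
			return Implemented
		}
	}
	for _, s := range tls.InsecureCipherSuites() {
		if s.ID == id {
			return FlaggedInsecure
		}
	}
	return NotImplemented
}

// negotiable returns, in offer order, the offered suites a Go endpoint could
// select. Insecure-list suites count only when allowInsecure is true, i.e.
// the operator listed them explicitly in tls.Config.CipherSuites.
func negotiable(offered []uint16, allowInsecure bool) []uint16 {
	var out []uint16
	for _, id := range offered {
		st := classify(id)
		if st == Implemented || (allowInsecure && st == FlaggedInsecure) {
			out = append(out, id)
		}
	}
	return out
}

func main() {
	// Constructed offer lists, not captured from a real relay.
	offers := [][]uint16{
		{ecdheRSAAES256CBCSHA384},
		{ecdheRSAAES256CBCSHA384, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
		{ecdheRSAAES256CBCSHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
	}
	for _, o := range offers {
		fmt.Printf("offer %#04x: strict=%#04x opt-in=%#04x\n", o, negotiable(o, false), negotiable(o, true))
	}
}
```

An empty result for an offer means the handshake has no common suite, which is the STARTTLS failure described in the last comment.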