mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-04 04:27:36 +03:00
crypto/tls: disable 3-DES by default
Fixes #66214 Change-Id: Iba8006a17fc7cd33c7485ab1a1ef8f56531c0ed1 Reviewed-on: https://go-review.googlesource.com/c/go/+/587295 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org>
This commit is contained in:
parent
bbd7da73e1
commit
470b5f1f9d
5 changed files with 41 additions and 24 deletions
13
tls_test.go
13
tls_test.go
|
@ -1458,6 +1458,16 @@ func TestCipherSuites(t *testing.T) {
|
|||
t.Errorf("%#04x: suite TLS 1.0-1.2, but SupportedVersions is %v", c.id, cc.SupportedVersions)
|
||||
}
|
||||
|
||||
if cc.Insecure {
|
||||
if slices.Contains(defaultCipherSuites(), c.id) {
|
||||
t.Errorf("%#04x: insecure suite in default list", c.id)
|
||||
}
|
||||
} else {
|
||||
if !slices.Contains(defaultCipherSuites(), c.id) {
|
||||
t.Errorf("%#04x: secure suite not in default list", c.id)
|
||||
}
|
||||
}
|
||||
|
||||
if got := CipherSuiteName(c.id); got != cc.Name {
|
||||
t.Errorf("%#04x: unexpected CipherSuiteName: got %q, expected %q", c.id, got, cc.Name)
|
||||
}
|
||||
|
@ -1491,9 +1501,6 @@ func TestCipherSuites(t *testing.T) {
|
|||
if len(cipherSuitesPreferenceOrderNoAES) != len(cipherSuitesPreferenceOrder) {
|
||||
t.Errorf("cipherSuitesPreferenceOrderNoAES is not the same size as cipherSuitesPreferenceOrder")
|
||||
}
|
||||
if len(defaultCipherSuites) >= len(defaultCipherSuitesWithRSAKex) {
|
||||
t.Errorf("defaultCipherSuitesWithRSAKex should be longer than defaultCipherSuites")
|
||||
}
|
||||
|
||||
// Check that disabled suites are marked insecure.
|
||||
for _, badSuites := range []map[uint16]bool{disabledCipherSuites, rsaKexCiphers} {
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue