mirrors/utls

Fork 0

mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00

Commit graph

Author	SHA1	Message	Date
Kevin Burke	a94b12d7a8	crypto/tls: handle errors in generate_cert.go I don't expect these to hit often, but we should still alert users if we fail to write the correct data to the file, or fail to close it. Change-Id: I33774e94108f7f18ed655ade8cca229b1993d4d2 Reviewed-on: https://go-review.googlesource.com/91456 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>	2018-02-13 18:14:27 +00:00
Kevin Burke	fea4b4c8dd	crypto/tls: recommend P256 elliptic curve Users (like myself) may be tempted to think the higher-numbered curve is somehow better or more secure, but P256 is currently the best ECDSA implementation, due to its better support in TLS clients, and a constant time implementation. For example, sites that present a certificate signed with P521 currently fail to load in Chrome stable, and the error on the Go side says simply "remote error: tls: illegal parameter". Fixes #19901. Change-Id: Ia5e689e7027ec423624627420e33029c56f0bd82 Reviewed-on: https://go-review.googlesource.com/40211 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>	2017-04-10 17:40:01 +00:00
Russ Cox	bb890c0d27	build: move package sources from src/pkg to src Preparation was in CL 134570043. This CL contains only the effect of 'hg mv src/pkg/* src'. For more about the move, see golang.org/s/go14nopkg.	2014-09-08 00:08:51 -04:00

Author

SHA1

Message

Date

Kevin Burke

a94b12d7a8

crypto/tls: handle errors in generate_cert.go

I don't expect these to hit often, but we should still alert users if
we fail to write the correct data to the file, or fail to close it.

Change-Id: I33774e94108f7f18ed655ade8cca229b1993d4d2
Reviewed-on: https://go-review.googlesource.com/91456
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

2018-02-13 18:14:27 +00:00

Kevin Burke

fea4b4c8dd

crypto/tls: recommend P256 elliptic curve

Users (like myself) may be tempted to think the higher-numbered curve
is somehow better or more secure, but P256 is currently the best
ECDSA implementation, due to its better support in TLS clients, and a
constant time implementation.

For example, sites that present a certificate signed with P521
currently fail to load in Chrome stable, and the error on the Go side
says simply "remote error: tls: illegal parameter".

Fixes #19901.

Change-Id: Ia5e689e7027ec423624627420e33029c56f0bd82
Reviewed-on: https://go-review.googlesource.com/40211
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

2017-04-10 17:40:01 +00:00

Russ Cox

bb890c0d27

build: move package sources from src/pkg to src

Preparation was in CL 134570043.
This CL contains only the effect of 'hg mv src/pkg/* src'.
For more about the move, see golang.org/s/go14nopkg.

2014-09-08 00:08:51 -04:00

3 commits