perso/syncthing-arm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

lib/tlsutil: Remove hardcoded curve preferences (fixes #5940) (#5942)

Browse Source 
They are arguable outdated and we are better off trusting the standard
library than trying to keep up with it ourselves.
This commit is contained in:
Jakob Borg 2019-08-11 19:01:57 +02:00 committed by Simon Frei
parent 4a619e74f2
commit 720a6bf62e
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/tlsutil/tlsutil.go
View File

@ -86,10 +86,6 @@ func SecureDefault() *tls.Config {
return &tls.Config{ return &tls.Config{
// TLS 1.2 is the minimum we accept // TLS 1.2 is the minimum we accept
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
// We want the longer curves at the front, because that's more
// secure (so the web tells me, don't ask me to explain the
// details).
CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
// The cipher suite lists built above. These are ignored in TLS 1.3. // The cipher suite lists built above. These are ignored in TLS 1.3.
CipherSuites: cs, CipherSuites: cs,
// We've put some thought into this choice and would like it to // We've put some thought into this choice and would like it to