code review 10372045: crypto/tls: change advertised ciphersuite order.

crypto/tls: change advertised ciphersuite order.

TLS clients send ciphersuites in preference order (most prefereable
first). This change alters the order so that ECDHE comes before plain
RSA, and RC4 comes before AES (because of the Lucky13 attack).

This is unlikely to have much effect: as a server, the code uses the
client's ciphersuite order by default and, as a client, the non-Go
server probably imposes its order.

[agl1, 2013-06-18 18:02:03]

Hello golang-dev@googlegroups.com (cc: golang-dev@googlegroups.com),

I'd like you to review this change to
https://code.google.com/p/go/

[r, 2013-06-18 18:33:57]

LGTM

[raggi, 2013-06-18 20:04:24]

On 2013/06/18 18:33:57, r wrote:
> LGTM

LGTM, thanks Adam. I'll close the other ticket.

[jsing, 2013-06-19 01:17:59]

Can we add the reason for the ordering in a comment above cipherSuites?
Currently they are ordered by cipher suite ID - the new order is less obvious
without the corresponding change description.

[agl1, 2013-06-19 20:42:57]

On Tue, Jun 18, 2013 at 9:17 PM,  <jsing@google.com> wrote:
> Can we add the reason for the ordering in a comment above cipherSuites?

Good point. Will do.

[agl1, 2013-06-19 20:47:05]

*** Submitted as https://code.google.com/p/go/source/detail?r=9ab9ac0001a0 ***

crypto/tls: change advertised ciphersuite order.

TLS clients send ciphersuites in preference order (most prefereable
first). This change alters the order so that ECDHE comes before plain
RSA, and RC4 comes before AES (because of the Lucky13 attack).

This is unlikely to have much effect: as a server, the code uses the
client's ciphersuite order by default and, as a client, the non-Go
server probably imposes its order.

R=golang-dev, r, raggi, jsing
CC=golang-dev
https://codereview.appspot.com/10372045