Rietveld Code Review Tool

Issue 5018045: code review 5018045: crypto/tls: support SSLv3 (Closed)

Created: 12 years, 7 months ago by agl1
Modified: 12 years, 7 months ago
Reviewers:
CC: bradfitz, golang-dev
Visibility: Public.

Description

crypto/tls: support SSLv3

It would be nice not to have to support this since all the clients that we care about support TLSv1 by now. However, due to buggy implementations of SSLv3 on the Internet which can't do version negotiation correctly, browsers will sometimes switch to SSLv3. Since there's no good way for a browser to tell a network problem from a buggy server, this downgrade can occur even if the server in question is actually working correctly.

So we need to support SSLv3 for robustness :(

Fixes issue 1703.

Patch Set 1 #

Patch Set 2 : diff -r 1b800cd636c0 https://go.googlecode.com/hg/ #

Patch Set 3 : diff -r 1b800cd636c0 https://go.googlecode.com/hg/ #

Total comments: 3

Patch Set 4 : diff -r 683a34d57871 https://go.googlecode.com/hg/ #

Patch Set 5 : diff -r 683a34d57871 https://go.googlecode.com/hg/ #

Patch Set 6 : diff -r 683a34d57871 https://go.googlecode.com/hg/ #

Stats (+431 lines, -118 lines)

M src/pkg/crypto/tls/cipher_suites.go: 4 chunks, +76 lines, -8 lines, 0 comments
M src/pkg/crypto/tls/common.go: 1 chunk, +5 lines, -2 lines, 0 comments
M src/pkg/crypto/tls/conn.go: 6 chunks, +34 lines, -18 lines, 0 comments
M src/pkg/crypto/tls/handshake_client.go: 3 chunks, +6 lines, -6 lines, 0 comments
M src/pkg/crypto/tls/handshake_client_test.go: 1 chunk, +1 line, -0 lines, 0 comments
M src/pkg/crypto/tls/handshake_messages.go: 2 chunks, +3 lines, -3 lines, 0 comments
M src/pkg/crypto/tls/handshake_messages_test.go: 2 chunks, +7 lines, -6 lines, 0 comments
M src/pkg/crypto/tls/handshake_server.go: 4 chunks, +7 lines, -8 lines, 0 comments
M src/pkg/crypto/tls/handshake_server_test.go: 5 chunks, +168 lines, -47 lines, 0 comments
M src/pkg/crypto/tls/key_agreement.go: 3 chunks, +10 lines, -6 lines, 0 comments
M src/pkg/crypto/tls/prf.go: 6 chunks, +95 lines, -12 lines, 0 comments
M src/pkg/crypto/tls/prf_test.go: 7 chunks, +19 lines, -2 lines, 0 comments

Messages

Total messages: 3
agl1
Hello bradfitz@golang.org (cc: golang-dev@googlegroups.com), I'd like you to review this change to https://go.googlecode.com/hg/
12 years, 7 months ago (2011-09-14 17:57:13 UTC) #1
bradfitz
LGTM

http://codereview.appspot.com/5018045/diff/3001/src/pkg/crypto/tls/cipher_suites.go
File src/pkg/crypto/tls/cipher_suites.go (right):

http://codereview.appspot.com/5018045/diff/3001/src/pkg/crypto/tls/cipher_suites.go#newcode86
src/pkg/crypto/tls/cipher_suites.go:86: type macFunction interface {
little bit of a ...
12 years, 7 months ago (2011-09-14 18:11:27 UTC) #2
agl1
12 years, 7 months ago (2011-09-14 19:32:31 UTC) #3
*** Submitted as http://code.google.com/p/go/source/detail?r=51381e821177 ***

crypto/tls: support SSLv3

It would be nice not to have to support this since all the clients
that we care about support TLSv1 by now. However, due to buggy
implementations of SSLv3 on the Internet which can't do version
negotiation correctly, browsers will sometimes switch to SSLv3. Since
there's no good way for a browser to tell a network problem from a buggy
server, this downgrade can occur even if the server in question is
actually working correctly.

So we need to support SSLv3 for robustness :(

Fixes issue 1703.

R=bradfitz
CC=golang-dev
http://codereview.appspot.com/5018045
