You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This line says "RC4 comes before AES (because of the Lucky13 attack)" when it should be clarified that AES-GCM is safe and therefore preferred over RC4.
The text was updated successfully, but these errors were encountered:
A comment existed referencing RC4 coming before AES because of it's
vulnerability to the Lucky 13 attack. This clarifies that the Lucky 13 attack
only effects AES-CBC, and not AES-GCM.
Fixesgolang#14474
Change-Id: Idcb07b5e0cdb0f9257cf75abea60129ba495b5f5
Reviewed-on: https://go-review.googlesource.com/19845
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
A comment existed referencing RC4 coming before AES because of it's
vulnerability to the Lucky 13 attack. This clarifies that the Lucky 13 attack
only effects AES-CBC, and not AES-GCM.
Fixesgolang#14474
Change-Id: Idcb07b5e0cdb0f9257cf75abea60129ba495b5f5
Reviewed-on: https://go-review.googlesource.com/19845
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L77
This line says "RC4 comes before AES (because of the Lucky13 attack)" when it should be clarified that AES-GCM is safe and therefore preferred over RC4.
The text was updated successfully, but these errors were encountered: