x/crypto/acme/autocert: Always uses ecdsa as key for client.CreateCert #17385

Closed
danilobuerger opened this issue Oct 8, 2016 · 2 comments

Comments

@danilobuerger

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go version go1.7.1 darwin/amd64

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/danilo/go"
GORACE=""
GOROOT="/usr/local/Cellar/go/1.7.1/libexec"
GOTOOLDIR="/usr/local/Cellar/go/1.7.1/libexec/pkg/tool/darwin_amd64"
CC="clang"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/s5/40xvmrjd7bbg4vglbfmtppz80000gn/T/go-build400687808=/tmp/go-build -gno-record-gcc-switches -fno-common"
CXX="clang++"
CGO_ENABLED="1"

What did you do?

package main
import (
	"crypto/tls"
	"log"
	"net/http"
	"golang.org/x/crypto/acme/autocert"
)
func main() {
	m := autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist("example.org"),
	}
	s := &http.Server{
		Addr:      ":https",
		TLSConfig: &tls.Config{GetCertificate: m.GetCertificate},
	}
	log.Fatal(s.ListenAndServeTLS("", "")) // empty paths: certificates come from GetCertificate
}

What did you expect to see?

I want to be able to specify rsa for key usage instead of ecdsa. However

func (m *Manager) certState(domain string) (*certState, error)

forces the usage of ecdsa.

@quentinmit quentinmit added this to the Unreleased milestone Oct 9, 2016
@danilobuerger
Author

@titanous @x1ddos I saw you implemented using ecdsa here: golang/crypto@0e31b18.

However, if your client is AWS Cloudfront, it won't be able to connect:

CloudFront forwards HTTPS requests to the origin server by using the following ciphers. Your origin server must support at least one of these ciphers for CloudFront to establish an HTTPS connection to your origin.

ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
AES256-SHA
AES128-SHA
DES-CBC3-SHA

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html
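As an added example (not code from this issue, from x/crypto or from autocert): a server-side check for exactly the mismatch described in the comment above. Given the cipher suites a client offers, it reports whether an ECDSA or an RSA leaf can be negotiated at all, and wraps a GetCertificate callback so that ClientHellos that cannot use the served key type are logged instead of failing silently. The names cloudFrontOriginSuites, authAlgo, negotiable, suiteNames, keyTypeOf and warnIncompatible are mine; the CloudFront list is the one quoted in the comment.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/rsa"
	"crypto/tls"
	"fmt"
	"log"
	"strings"
)

// cloudFrontOriginSuites is the origin cipher list quoted in the comment
// above (CloudFront docs, OpenSSL naming). Every entry authenticates with RSA.
var cloudFrontOriginSuites = []string{
	"ECDHE-RSA-AES128-SHA256",
	"ECDHE-RSA-AES256-SHA384",
	"AES256-SHA",
	"AES128-SHA",
	"DES-CBC3-SHA",
}

// authAlgo reports the certificate key type a cipher suite needs: "ecdsa",
// "rsa", "any" (TLS 1.3 suites, where the key type is negotiated separately
// via signature_algorithms) or "other". It accepts IANA names as returned by
// tls.CipherSuiteName and OpenSSL names as used in the CloudFront docs.
func authAlgo(name string) string {
	n := strings.ToUpper(name)
	switch {
	case strings.HasPrefix(n, "TLS_AES_"), strings.HasPrefix(n, "TLS_CHACHA20_"):
		return "any"
	case strings.HasPrefix(n, "0X"): // tls.CipherSuiteName fallback for unknown IDs
		return "other"
	case strings.Contains(n, "PSK"), strings.Contains(n, "DSS"), strings.Contains(n, "ANON"):
		return "other"
	case strings.Contains(n, "ECDSA"):
		return "ecdsa"
	case strings.Contains(n, "RSA"):
		return "rsa"
	case strings.HasPrefix(n, "TLS_"):
		return "other" // IANA name that names neither signature algorithm
	default:
		// OpenSSL names without a key-exchange prefix (AES128-SHA, DES-CBC3-SHA)
		// are the static RSA key exchange, which also needs an RSA key.
		return "rsa"
	}
}

// negotiable reports whether a leaf with the given key type ("ecdsa" or "rsa")
// can be used with at least one of the suites a client offers.
func negotiable(keyType string, offered []string) bool {
	for _, s := range offered {
		if a := authAlgo(s); a == "any" || a == keyType {
			return true
		}
	}
	return false
}

// suiteNames converts ClientHello cipher suite IDs to IANA names.
func suiteNames(ids []uint16) []string {
	names := make([]string, 0, len(ids))
	for _, id := range ids {
		names = append(names, tls.CipherSuiteName(id))
	}
	return names
}

// keyTypeOf classifies the private key of a certificate the server would serve.
func keyTypeOf(cert *tls.Certificate) string {
	switch cert.PrivateKey.(type) {
	case *ecdsa.PrivateKey:
		return "ecdsa"
	case *rsa.PrivateKey:
		return "rsa"
	default:
		return "other"
	}
}

// warnIncompatible wraps a GetCertificate callback (for example
// autocert.Manager.GetCertificate) and logs each ClientHello whose cipher
// suites cannot use the key type of the certificate that would be served.
// The handshake still fails; the log line tells the operator why.
func warnIncompatible(get func(*tls.ClientHelloInfo) (*tls.Certificate, error)) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		cert, err := get(hello)
		if err != nil || cert == nil {
			return cert, err
		}
		offered := suiteNames(hello.CipherSuites)
		if kt := keyTypeOf(cert); !negotiable(kt, offered) {
			log.Printf("tls: %s certificate for %q unusable by client offering %v",
				kt, hello.ServerName, offered)
		}
		return cert, nil
	}
}

func main() {
	for _, kt := range []string{"ecdsa", "rsa"} {
		fmt.Printf("%s leaf negotiable with CloudFront origin suites: %v\n",
			kt, negotiable(kt, cloudFrontOriginSuites))
	}
	// Wiring it in: TLSConfig: &tls.Config{GetCertificate: warnIncompatible(m.GetCertificate)}
}
```

The check only reasons about the authentication algorithm implied by the cipher suite name; it ignores protocol version, supported curves and the signature_algorithms extension. On Go 1.14 and later, `(*tls.ClientHelloInfo).SupportsCertificate` in crypto/tls performs the complete check, so a wrapper like warnIncompatible can call that instead of authAlgo once a sufficiently new Go is available.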

@bradfitz
Contributor

Closing this in favor of the more active dup #17744 bug.

@golang golang locked and limited conversation to collaborators Dec 15, 2017