crypto/tls: pick ECDHE curves based on server preference.

Currently an ECDHE handshake uses the client's curve preference. This
generally means that we use P-521. However, P-521's strength is
mismatched with the rest of the cipher suite in most cases and we have
a fast, constant-time implementation of P-256.

With this change, Go servers will use P-256 where the client supports
it although that can be overridden in the Config.

LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/66060043
Adam Langley 2014-02-24 17:57:51 -05:00
parent e6e8945001
commit db99a8faa8
30 changed files with 793 additions and 801 deletions

@ -121,7 +121,7 @@ func TestTLS12OnlyCipherSuites(t *testing.T) {
TLS_RSA_WITH_RC4_128_SHA,
},
compressionMethods: []uint8{compressionNone},
supportedCurves: []uint16{curveP256, curveP384, curveP521},
supportedCurves: []CurveID{CurveP256, CurveP384, CurveP521},
supportedPoints: []uint8{pointFormatUncompressed},
}
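Review bot: the supportedCurves list on the changed line still offers CurveP256 first, so this fixture gives the same result whether the server applies its own curve preference or follows the client's order, and it cannot catch a regression in the behaviour the commit message describes. Consider adding a case whose list starts with CurveP521 and asserting that P-256 is selected, plus one where the Config override changes that choice. The rename from []uint16 to []CurveID with exported constants looks mechanical here and needs no change in this test.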