21a3c0f482
This change disables the non-constant-time implementations of P-384 and P-521. As a consequence a client using just these curves cannot connect to the server. This should be no real issues because (all) clients at least support P-256. Further this change also rejects ECDSA private keys of P-384 and P-521. While non-constant-time implementations for the ECDHE exchange don't expose an obvious vulnerability, using P-384 or P-521 keys for the ECDSA signature may allow pratical timing attacks. Fixes #5844 |
||
|---|---|---|
| .. | ||
| bufconn.go | ||
| bufconn_test.go | ||
| conn_bug_21133.go | ||
| listener.go | ||
| listener_test.go | ||
| server.go | ||
| server_test.go | ||