Conversation

I think I've had enough of cipher suites for a while. The good news is that no one using Go will ever have to think about cipher suite ordering again, because we take care of it now! go-review.googlesource.com/c/go/+/314609/

Lines 217 to 269 of the linked CL file, showing a list of rules for sorting cipher suites.

read image description

ALT

254

This Tweet was deleted by the Tweet author. Learn more

Filippo Valsorda

@FiloSottile

Apr 28, 2021

It's another primitive to optimize and get wrong, it's slower, it has extra complexity in TLS 1.2 due to the unfortunate field negotiation, most deployments use weak sizes, and the patents concerns are now obsolete, if they were ever valid.

Replying to

and

ECDHE is also the only option for TLS 1.3. The only practical reason to use anything other than ECDHE is if you still support IE11 and use an RSA certificate rather than ECDSA. If you use an ECDSA certificate, even IE11 works fine with ECDHE so that's the best approach.

Replying to

and

Once you drop support for TLS 1.0 and 1.1, you don't lose much from only supporting ECDHE. ssl-config.mozilla.org intermediate level only supports ECDHE with an ECDSA certificate which is what's recommended. It only has DHE as a workaround that Internet Explorer RSA annoyance.

8:28 PM · Apr 28, 2021Twitter Web App

Likes