Support and enable Ed25519 TLS certificates by default on Go 1.13

[jrick]

On Go <=1.12, P-256 ECDSA certificates remain the default.

[jrick]

$ go version
go version go1.12.5 openbsd/amd64
$ gotip version
go version devel +13f179b Fri Jun 7 23:25:54 2019 +0000 openbsd/amd64
$ pwd
/home/jrick/src/dcrwallet
$ go install
$ dcrwallet -h | grep tlscurve
      --tlscurve=                              Curve to use when generating TLS keypairs (default: P-256)
$ gotip install
$ dcrwallet -h | grep tlscurve
      --tlscurve=                              Curve to use when generating TLS keypairs (default: Ed25519)

[matheusd]

I was able to connect to a dcrwallet instance running with a cert generated by this commit using openssl 1.1.1 and boringssl (master) by specifying -ed25519 but not from decrediton. I couldn't find a way to pass the equivalent of -ed25519 to the underlying lib.

However, for decrediton we currently always specify the curve when creating the corresponding dcrwallet.conf file so as long as P-256 is not totally disabled we should be ok with changing dcrwallet's default.

[jrick]

Hm, and the openssl cli command did not work without -ed25519? Very odd.

I know decrediton specifies P-256 currently because it had to with the old P-521 default. My worry isn't just about decrediton but also every other client built using openssl/boringssl/libressl.

Go clients are, of course, fine :)

[matheusd]

Btw, I got the following error when compiling with gotip:

internal/cfgutil/curve_ed25519.go:10:2: imported and not used: "crypto/elliptic"

Hm, and the openssl cli command did not work without -ed25519? Very odd.

openssl 1.1.0 did not work at all. Openssl 1.1.1 did work, without requiring any extra args. Boringssl was the one that required -ed25519.