This line says "RC4 comes before AES (because of the Lucky13 attack)" when it should be clarified that AES-GCM is safe and therefore preferred over RC4.
The text was updated successfully, but these errors were encountered:
A comment existed referencing RC4 coming before AES because of it's
vulnerability to the Lucky 13 attack. This clarifies that the Lucky 13 attack
only effects AES-CBC, and not AES-GCM.
Fixesgolang#14474
Change-Id: Idcb07b5e0cdb0f9257cf75abea60129ba495b5f5
Reviewed-on: https://go-review.googlesource.com/19845
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
A comment existed referencing RC4 coming before AES because of it's
vulnerability to the Lucky 13 attack. This clarifies that the Lucky 13 attack
only effects AES-CBC, and not AES-GCM.
Fixesgolang#14474
Change-Id: Idcb07b5e0cdb0f9257cf75abea60129ba495b5f5
Reviewed-on: https://go-review.googlesource.com/19845
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L77
This line says "RC4 comes before AES (because of the Lucky13 attack)" when it should be clarified that AES-GCM is safe and therefore preferred over RC4.
The text was updated successfully, but these errors were encountered: