Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
proposal: crypto/tls: add TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 support #21633
Please answer these questions before submitting your issue. Thanks!
Our security team requires
What version of Go are you using (
This would be the only suite with a SHA384 MAC.
Not a fan of enabling CBC to keep going on in this world (as opposed to AEAD modes) except as a backwards compatibility crutch. But based on what @agl decides, happy to implement it.
Some outbound outlook.com SMTP relays try to use this cipher suite. There is no other suite in the Go tls package that matches, so those connections cannot use STARTTLS.
This is not a particularly compelling argument for adding support, rather than Microsoft fixing their servers, but it offers at least some explanation.