I'm working on a project that requires connecting to a myriad of servers running a wide variety of software using HTTPS. Because I have no real influence over their configuration, I'm forced to use the ciphers they allow. There's a few that aren't included in Go, and I'm curious as to why or if you're open to supporting them:
I've found a few other issues mentioning not using CBC where it can be avoided, but it can't in this case. Is there a reason these wouldn't be supported, but the same variants with other SHA versions would? For example, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 isn't defined, but TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is. All three of those are like this, where just the SHA version is different and not necessarily better.
The text was updated successfully, but these errors were encountered: