crypto/tls: add DHE support

[gopherbot]

by stalkr:

ECDHE is supported but not DHE. It would be nice to support it so it could be added to
existing cipher suites.

Server https://developers.databox.com only support DHE ciphers:
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-SEED-SHA

Which makes Go fail: Get https://developers.databox.com: remote error: handshake failure

Reference: https://groups.google.com/forum/#!topic/golang-nuts/hqm_ssUNUtI

[gopherbot]

Comment 1 by frank@runscope.com:

I'm also seeing errors in the CA chain for 
Get https://api.moip.com.br/: x509: certificate signed by unknown authority (possibly
because of "x509: cannot verify signature: algorithm unimplemented" while trying to
verify candidate authority certificate "COMODO RSA Certification Authority")
It seems like everyone reissuing/updating certificates with the recent Heartbleed
announcement are getting new certificates that aren't fully supported by crypto/tls.

[gopherbot]

Comment 2 by stalkr:

re #1: as replied on go-nuts this is a separate issue, crypto/sha512 is not imported by
default (see also https://golang.org/cl/84700045).

[gopherbot]

Comment 4 by stalkr:

re #2: crypto/sha512 is now imported by default https://golang.org/cl/87670045

[ianlancetaylor]

Comment 5:

Labels changed: added repo-main, release-none.

[mstoykov]

Is this being worked on?

Or does anyone know how to work around this?

[bradfitz]

@mstoykov, I would ask on the golang-nuts mailing list. But I don't know of anybody working on this.