crypto/tls: generate_cert.go should document that some ECDSA curves don't have browser support #19901

Closed
kevinburke opened this issue Apr 9, 2017 · 1 comment

Comments


kevinburke commented Apr 9, 2017

I ran generate_cert.go and figured the highest numbered ECDSA curve (P521) was the best one. It turns out that curve isn't supported in the latest versions of Chrome, Chromium and Firefox, which (as best as I can tell) only support P256 and P384.

If you try to connect using those certificates, you get a confusing `remote error: tls: illegal parameter` error message.

See also #19900.


aead commented Apr 10, 2017

I would recommend to not use P512 and instead use X25519, P256 or P224 because the Go TLS package does not provide/use a constant time implementation of P384 or P512 yet. Using P384 or P512 can enable side-channel attacks.

lparth pushed a commit to lparth/go that referenced this issue Apr 13, 2017
Users (like myself) may be tempted to think the higher-numbered curve
is somehow better or more secure, but P256 is currently the best
ECDSA implementation, due to its better support in TLS clients, and a
constant time implementation.

For example, sites that present a certificate signed with P521
currently fail to load in Chrome stable, and the error on the Go side
says simply "remote error: tls: illegal parameter".

Fixes golang#19901.

Change-Id: Ia5e689e7027ec423624627420e33029c56f0bd82
Reviewed-on: https://go-review.googlesource.com/40211
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
@golang golang locked and limited conversation to collaborators Apr 10, 2018
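
A check for the mismatch reported in this issue, as an added example that is not code from the thread or from the Go project: it reads the ECDSA curve out of a certificate and flags curves outside the set the first comment reports browsers accepting (P256 and P384, as of April 2017). The names `browserCurves`, `sampleCurves`, `selfSigned`, `checkCurve` and the subject `example.test` are hypothetical, and the certificates are constructed sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// browserCurves: assumption taken from the issue text (P256 and P384 only, April 2017).
var browserCurves = map[string]bool{"P-256": true, "P-384": true}
var sampleCurves = []elliptic.Curve{elliptic.P256(), elliptic.P384(), elliptic.P521()}

// selfSigned builds a throwaway self-signed certificate (constructed input) and returns DER.
func selfSigned(c elliptic.Curve) ([]byte, error) {
	key, err := ecdsa.GenerateKey(c, rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// checkCurve returns the certificate's ECDSA curve name and whether it is in browserCurves.
func checkCurve(der []byte) (name string, ok bool, err error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", false, err
	}
	pub, isEC := cert.PublicKey.(*ecdsa.PublicKey)
	if !isEC {
		return "", false, fmt.Errorf("not an ECDSA certificate: %T", cert.PublicKey)
	}
	name = pub.Curve.Params().Name
	return name, browserCurves[name], nil
}

func main() {
	for _, c := range sampleCurves {
		der, _ := selfSigned(c) // a generation failure surfaces as a parse error below
		fmt.Println(checkCurve(der))
	}
}
```

Running the check on a certificate before deploying it surfaces the curve problem directly, instead of as the `illegal parameter` alert described above.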