Something just pointed out to me(*) that I don't understand: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is in tls.CipherSuites() <https://go.dev/play/p/yFl-V5MrGHh> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is in tls.InsecureCipherSuites() <https://go.dev/play/p/ey1z_wG4Ezw>
Why is the SHA256 variant considered "insecure", but the SHA (presumably SHA1) variant "secure"? Are these actually different cipher suites but with confusingly similar names? (*) https://groups.google.com/g/prometheus-users/c/SJYu7cH_XKQ -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/9c08a688-051c-4b95-9d55-6b5c42d12086n%40googlegroups.com.
