https://go.dev/blog/tls-cipher-suites
In case anyone has not seen it, Filippo has published a blog post which shows how SSL cipher suite negotiation is fundamentally broken in the older TLS versions.

My understanding of the post is that to run a secure server on the internet, just make sure you are building with Go 1.17.1 (or whatever is the latest version); you no longer need to specify the choice of secure CipherSuites that you accept. Go's Crypto will just do the right thing, and as application developers we no longer need to get involved in the details.

This supersedes the advice in Filippo's 2016 Cloudflare post on the subject (though setting sensible timeouts to mitigate DDoS attacks is still a good idea).

Have I understood this right?
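One way to check the setup the message describes, as an added example that is not part of the original post or the blog: a loopback HTTPS server with `CipherSuites` left unset and timeouts set by hand, which reports what a Go client actually negotiates against it. The helper names, the TLS 1.2 floor and the timeout values are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// newServer builds a loopback HTTPS test server. CipherSuites is left unset,
// so crypto/tls chooses and orders the suites. Timeout values are assumed.
func newServer() *httptest.Server {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{MinVersion: tls.VersionTLS12}
	srv.Config.ReadHeaderTimeout = 5 * time.Second
	srv.Config.WriteTimeout = 10 * time.Second
	srv.Config.IdleTimeout = 2 * time.Minute
	return srv
}

// negotiated makes one request and returns the TLS version and suite agreed.
func negotiated() (version, suite uint16, err error) {
	srv := newServer()
	srv.StartTLS()
	defer srv.Close()
	resp, err := srv.Client().Get(srv.URL)
	if err != nil {
		return 0, 0, err
	}
	defer resp.Body.Close()
	return resp.TLS.Version, resp.TLS.CipherSuite, nil
}

// isInsecure reports whether id is on crypto/tls's own insecure list.
func isInsecure(id uint16) bool {
	for _, s := range tls.InsecureCipherSuites() {
		if s.ID == id {
			return true
		}
	}
	return false
}

func main() {
	v, s, err := negotiated()
	fmt.Println(v, tls.CipherSuiteName(s), isInsecure(s), err)
}
```

The same check can be pointed at a real listener by dialing it with `tls.Dial` and reading `ConnectionState()`; the result depends on the Go version the server was built with.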