minio/cmd/http
Andreas Auernhammer 21a3c0f482 disable elliptic curves P-384 and P-521 for TLS. (#5845)
This change disables the non-constant-time implementations of P-384 and P-521.
As a consequence a client using just these curves cannot connect to the server.
This should be no real issues because (all) clients at least support P-256.

Further this change also rejects ECDSA private keys of P-384 and P-521.
While non-constant-time implementations for the ECDHE exchange don't expose an
obvious vulnerability, using P-384 or P-521 keys for the ECDSA signature may allow
pratical timing attacks.

Fixes #5844
2018-04-24 15:47:30 -07:00
..
bufconn_test.go Move http package inside cmd (#5776) 2018-04-05 14:19:27 -07:00
bufconn.go Move http package inside cmd (#5776) 2018-04-05 14:19:27 -07:00
conn_bug_21133.go Move http package inside cmd (#5776) 2018-04-05 14:19:27 -07:00
listener_test.go Create logger package and rename errorIf to LogIf (#5678) 2018-04-05 15:04:40 -07:00
listener.go Create logger package and rename errorIf to LogIf (#5678) 2018-04-05 15:04:40 -07:00
server_test.go Move http package inside cmd (#5776) 2018-04-05 14:19:27 -07:00
server.go disable elliptic curves P-384 and P-521 for TLS. (#5845) 2018-04-24 15:47:30 -07:00