| Brad Fitzpatrick | 202ff48 | 2016-05-19 05:29:09 +0000 | [diff] [blame] | 1 | // Copyright 2016 The Go Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style |
| 3 | // license that can be found in the LICENSE file. |
| 4 | |
| 5 | // +build go1.6 |
| 6 | |
| 7 | package http2 |
| 8 | |
| 9 | import ( |
| Jonathan Rudenberg | b400c2e | 2016-06-19 15:44:24 -0400 | [diff] [blame] | 10 | "crypto/tls" |
| Brad Fitzpatrick | 202ff48 | 2016-05-19 05:29:09 +0000 | [diff] [blame] | 11 | "net/http" |
| 12 | "time" |
| 13 | ) |
| 14 | |
| 15 | func transportExpectContinueTimeout(t1 *http.Transport) time.Duration { |
| 16 | return t1.ExpectContinueTimeout |
| 17 | } |
| Jonathan Rudenberg | b400c2e | 2016-06-19 15:44:24 -0400 | [diff] [blame] | 18 | |
| 19 | // isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec. |
| 20 | func isBadCipher(cipher uint16) bool { |
| 21 | switch cipher { |
| 22 | case tls.TLS_RSA_WITH_RC4_128_SHA, |
| 23 | tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, |
| 24 | tls.TLS_RSA_WITH_AES_128_CBC_SHA, |
| 25 | tls.TLS_RSA_WITH_AES_256_CBC_SHA, |
| 26 | tls.TLS_RSA_WITH_AES_128_GCM_SHA256, |
| 27 | tls.TLS_RSA_WITH_AES_256_GCM_SHA384, |
| 28 | tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| 29 | tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| 30 | tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| 31 | tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, |
| 32 | tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, |
| 33 | tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
| 34 | tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: |
| 35 | // Reject cipher suites from Appendix A. |
| 36 | // "This list includes those cipher suites that do not |
| 37 | // offer an ephemeral key exchange and those that are |
| 38 | // based on the TLS null, stream or block cipher type" |
| 39 | return true |
| 40 | default: |
| 41 | return false |
| 42 | } |
| 43 | } |
