ooni / minivpn

A minimalistic OpenVPN implementation in Go
GNU General Public License v3.0

support DHE-RSA-AES128-SHA #1

Closed ainghazal closed 2 years ago

ainghazal commented 2 years ago

Some providers I was intending to test against have an old ciphersuite that is not supported by the Go standard library:

https://github.com/golang/go/issues/31933#issuecomment-491958084

We are very unlikely to implement finite field DH in crypto/tls for the reasons mentioned by @jamie-digital. It's a bad design, very hard to implement securely and in constant time, and superseded by ECDHE. I am also unaware of any clients that support DHE but not the plain RSA ciphers, which we carry along for compatibility (and so we can avoid adding the complexity of things like DHE instead). Feature parity is explicitly a non-goal of crypto/tls.

https://github.com/golang/go/issues/31933 https://github.com/golang/go/issues/7758

There's a fork that adds some old ciphers https://github.com/mordyovits/golang-crypto-tls

From some comments, it looks like the quality of that code might be subpar, but perhaps worth a try.
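Added example, not code from minivpn or from anyone in this thread: a preflight check that reports whether the installed Go `crypto/tls` implements a given suite, so a provider that only offers DHE-RSA-AES128-SHA can be identified before a handshake is attempted. The `wanted` table and the `goSupport` helper are constructed for illustration; the IDs are the IANA code points of the named suites.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Support levels returned by goSupport (names are hypothetical, chosen for this example).
const (
	Supported     = "supported"     // listed in tls.CipherSuites()
	Insecure      = "insecure"      // implemented, but only in tls.InsecureCipherSuites()
	Unimplemented = "unimplemented" // crypto/tls has no code for this suite
)

// goSupport looks up an IANA cipher suite ID in the lists exported by crypto/tls.
func goSupport(id uint16) string {
	for _, cs := range tls.CipherSuites() {
		if cs.ID == id {
			return Supported
		}
	}
	for _, cs := range tls.InsecureCipherSuites() {
		if cs.ID == id {
			return Insecure
		}
	}
	return Unimplemented
}

// wanted is a constructed sample: OpenSSL-style names with their IANA IDs.
var wanted = []struct {
	openssl string
	id      uint16
}{
	{"DHE-RSA-AES128-SHA", 0x0033},          // TLS_DHE_RSA_WITH_AES_128_CBC_SHA
	{"AES128-SHA", 0x002F},                  // TLS_RSA_WITH_AES_128_CBC_SHA
	{"ECDHE-RSA-AES128-GCM-SHA256", 0xC02F}, // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
}

func main() {
	for _, w := range wanted {
		// CipherSuiteName falls back to the hex ID for suites Go does not know.
		fmt.Printf("%-28s %-40s %s\n", w.openssl, tls.CipherSuiteName(w.id), goSupport(w.id))
	}
}
```

Which list the plain RSA suite appears in depends on the Go release, so only the distinction between implemented and unimplemented is stable across versions.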

ainghazal commented 2 years ago

Closing; this is needed no more since the provider has moved to more modern ciphersuites. For the record, I tried to backport the above fork to be applied on top of oocrypto, but it was not trivial.