Change Golang orderingorigin/gdestuynder-patch-1

ECDSA on top, and AES128 before AES256 as per https://wiki.mozilla.org/Security/Server_Side_TLS#Prioritization_logic (4)

1 files changed, 3 insertions, 3 deletions

diff --git a/Server_Side_TLS.mediawiki b/Server_Side_TLS.mediawiki
index 8a4d37f..8192cb4 100644
--- a/Server_Side_TLS.mediawiki
+++ b/Server_Side_TLS.mediawiki
@@ -564,12 +564,12 @@ The Go standard library supports TLS1.2 and a limited subset of ECDHE and GCM ci
         MinVersion:               tls.VersionTLS10,
         PreferServerCipherSuites: true,
         CipherSuites: []uint16{
-            tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
             tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+            tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+            tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+            tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
             tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
             tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-            tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-            tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
             tls.TLS_RSA_WITH_AES_128_CBC_SHA,
             tls.TLS_RSA_WITH_AES_256_CBC_SHA,
             tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,