From 2040d32ef8f3a18c1ba19ae878a7682adf29ddec Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Fri, 31 Mar 2017 13:28:45 -0700
Subject: [PATCH] server/tls: Do not rely on a specific cipher suite (#4021)

Do not rely on a specific cipher suite instead let the go choose the type of cipher needed, if the connection is coming from clients which do not support forward secrecy let the go tls handle this automatically based on tls1.2 specifications.
Fixes #4017
---
 cmd/server-mux.go | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/cmd/server-mux.go b/cmd/server-mux.go
index 3ef812a5e..fe74d11d0 100644
--- a/cmd/server-mux.go
+++ b/cmd/server-mux.go
@@ -401,23 +401,8 @@ func (m *ServerMux) ListenAndServe(certFile, keyFile string) (err error) {
 // Causes servers to use Go's default ciphersuite preferences,
 // which are tuned to avoid attacks. Does nothing on clients.
 PreferServerCipherSuites: true,
- // Only use curves which have assembly implementations
- CurvePreferences: []tls.CurveID{
- tls.CurveP256,
- },
 // Set minimum version to TLS 1.2
 MinVersion: tls.VersionTLS12,
- CipherSuites: []uint16{
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-
- // Best disabled, as they don't provide Forward Secrecy,
- // but might be necessary for some clients
- // tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
- // tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
- },
 } // Always instantiate.
 if tlsEnabled {
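Review bot: The `tls.Config` literal in `ListenAndServe` now leaves `CipherSuites` and `CurvePreferences` unset, and nothing in the source says this is deliberate. The negotiable set therefore becomes whatever defaults crypto/tls ships in the Go release used for the build. Depending on that release, the default list may include suites without forward secrecy; the commit message accepts this for older clients, but the code no longer records the decision. I would add a comment above `MinVersion`, for example `// CipherSuites and CurvePreferences are intentionally unset: crypto/tls defaults apply and change with the Go release.` The config literal and the function body start before and continue past this hunk, so any later assignment to these fields is not visible here.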