jrwren/gist:c1cf9d5a938d56d5f410312031115c6c

## gistfile1.txt
diff --git a/src/tls/cipher_suites.go b/src/cipher_suites.go
index 9eb699f1c..99c169a7a 100644
--- a/src/tls/cipher_suites.go
+++ b/src/tls/cipher_suites.go
@@ -13,6 +13,7 @@ import (
        "crypto/rc4"
        "crypto/sha1"
        "crypto/sha256"
+       "crypto/sha512"
        "crypto/x509"
        "hash"
        "internal/x/crypto/chacha20poly1305"
@@ -85,7 +86,9 @@ var cipherSuites = []*cipherSuite{
        {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
        {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
        {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
+       {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, cipherAES, macSHA384, nil},
        {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
+       {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, cipherAES, macSHA256, nil},
        {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil},
        {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
        {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil},
@@ -94,6 +97,7 @@ var cipherSuites = []*cipherSuite{
        {TLS_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, rsaKA, suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
        {TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil},
        {TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil},
+       {TLS_RSA_WITH_AES_256_CBC_SHA256, 32, 32, 16, rsaKA, suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
        {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil},
        {TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, rsaKA, 0, cipher3DES, macSHA1, nil},

@@ -152,6 +156,19 @@ func macSHA1(version uint16, key []byte) macFunction {
        return tls10MAC{h: hmac.New(newConstantTimeHash(sha1.New), key)}
 }

+// macSHA384 returns a macFunction for the given protocol version.
+func macSHA384(version uint16, key []byte) macFunction {
+       if version == VersionSSL30 {
+               mac := ssl30MAC{
+                       h:   sha512.New384(),
+                       key: make([]byte, len(key)),
+               }
+               copy(mac.key, key)
+               return mac
+       }
+       return tls10MAC{h: hmac.New(sha512.New384, key)}
+}
+
 // macSHA256 returns a SHA-256 based MAC. These are only supported in TLS 1.2
 // so the given version is ignored.
 func macSHA256(version uint16, key []byte) macFunction {
@@ -443,6 +460,7 @@ const (
        TLS_RSA_WITH_AES_128_CBC_SHA            uint16 = 0x002f
        TLS_RSA_WITH_AES_256_CBC_SHA            uint16 = 0x0035
        TLS_RSA_WITH_AES_128_CBC_SHA256         uint16 = 0x003c
+       TLS_RSA_WITH_AES_256_CBC_SHA256         uint16 = 0x003d
        TLS_RSA_WITH_AES_128_GCM_SHA256         uint16 = 0x009c
        TLS_RSA_WITH_AES_256_GCM_SHA384         uint16 = 0x009d
        TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        uint16 = 0xc007
        @@ -453,7 +471,9 @@ const (
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      uint16 = 0xc013
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      uint16 = 0xc014
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc023
+       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xc024
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   uint16 = 0xc027
+       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   uint16 = 0xc028
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   uint16 = 0xc02f
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   uint16 = 0xc030
diff --git a/src/tls/decrypt.go b/src/tls/decrypt.go
index 0cc354a61..e9569a81c 100644
--- a/src/tls/decrypt.go
+++ b/src/tls/decrypt.go
@@ -178,6 +178,7 @@ var csByName = map[string]uint16{
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA":           0x000a,
        "TLS_RSA_WITH_AES_128_CBC_SHA":            0x002f,
        "TLS_RSA_WITH_AES_256_CBC_SHA":            0x0035,
+       "TLS_RSA_WITH_AES_256_CBC_SHA256":         0x003d,
        "TLS_RSA_WITH_AES_128_GCM_SHA256":         0x009c,
        "TLS_RSA_WITH_AES_256_GCM_SHA384":         0x009d,
        "TLS_AES_128_GCM_SHA256":                  0x1301,
@@ -191,7 +192,9 @@ var csByName = map[string]uint16{
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA":      0xc013,
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA":      0xc014,
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 0xc023,
+       "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 0xc024,
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256":   0xc027,
+       "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384":   0xc028,
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 0xc02b,
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 0xc02c,
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":   0xc02f,
	diff --git a/src/tls/cipher_suites.go b/src/cipher_suites.go
	index 9eb699f1c..99c169a7a 100644
	--- a/src/tls/cipher_suites.go
	+++ b/src/tls/cipher_suites.go
	@@ -13,6 +13,7 @@ import (
	"crypto/rc4"
	"crypto/sha1"
	"crypto/sha256"
	+ "crypto/sha512"
	"crypto/x509"
	"hash"
	"internal/x/crypto/chacha20poly1305"
	@@ -85,7 +86,9 @@ var cipherSuites = []*cipherSuite{
	{TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheECDSAKA, suiteECDHE \| suiteECDSA \| suiteTLS12 \| suiteSHA384, nil, nil, aeadAESGCM},
	{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheRSAKA, suiteECDHE \| suiteTLS12 \| suiteDefaultOff, cipherAES, macSHA256, nil},
	{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
	+ {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, ecdheRSAKA, suiteECDHE \| suiteTLS12 \| suiteSHA384, cipherAES, macSHA384, nil},
	{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheECDSAKA, suiteECDHE \| suiteECDSA \| suiteTLS12 \| suiteDefaultOff, cipherAES, macSHA256, nil},
	+ {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, ecdheECDSAKA, suiteECDHE \| suiteECDSA \| suiteTLS12 \| suiteSHA384, cipherAES, macSHA256, nil},
	{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheECDSAKA, suiteECDHE \| suiteECDSA, cipherAES, macSHA1, nil},
	{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
	{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheECDSAKA, suiteECDHE \| suiteECDSA, cipherAES, macSHA1, nil},
	@@ -94,6 +97,7 @@ var cipherSuites = []*cipherSuite{
	{TLS_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, rsaKA, suiteTLS12 \| suiteDefaultOff, cipherAES, macSHA256, nil},
	{TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil},
	{TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil},
	+ {TLS_RSA_WITH_AES_256_CBC_SHA256, 32, 32, 16, rsaKA, suiteTLS12 \| suiteDefaultOff, cipherAES, macSHA256, nil},
	{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil},
	{TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, rsaKA, 0, cipher3DES, macSHA1, nil},

	@@ -152,6 +156,19 @@ func macSHA1(version uint16, key []byte) macFunction {
	return tls10MAC{h: hmac.New(newConstantTimeHash(sha1.New), key)}
	}

	+// macSHA384 returns a macFunction for the given protocol version.
	+func macSHA384(version uint16, key []byte) macFunction {
	+ if version == VersionSSL30 {
	+ mac := ssl30MAC{
	+ h: sha512.New384(),
	+ key: make([]byte, len(key)),
	+ }
	+ copy(mac.key, key)
	+ return mac
	+ }
	+ return tls10MAC{h: hmac.New(sha512.New384, key)}
	+}
	+
	// macSHA256 returns a SHA-256 based MAC. These are only supported in TLS 1.2
	// so the given version is ignored.
	func macSHA256(version uint16, key []byte) macFunction {
	@@ -443,6 +460,7 @@ const (
	TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f
	TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035
	TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003c
	+ TLS_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x003d
	TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009c
	TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009d
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xc007
	@@ -453,7 +471,9 @@ const (
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc023
	+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xc024
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc027
	+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xc028
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02f
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc030
	diff --git a/src/tls/decrypt.go b/src/tls/decrypt.go
	index 0cc354a61..e9569a81c 100644
	--- a/src/tls/decrypt.go
	+++ b/src/tls/decrypt.go
	@@ -178,6 +178,7 @@ var csByName = map[string]uint16{
	"TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000a,
	"TLS_RSA_WITH_AES_128_CBC_SHA": 0x002f,
	"TLS_RSA_WITH_AES_256_CBC_SHA": 0x0035,
	+ "TLS_RSA_WITH_AES_256_CBC_SHA256": 0x003d,
	"TLS_RSA_WITH_AES_128_GCM_SHA256": 0x009c,
	"TLS_RSA_WITH_AES_256_GCM_SHA384": 0x009d,
	"TLS_AES_128_GCM_SHA256": 0x1301,
	@@ -191,7 +192,9 @@ var csByName = map[string]uint16{
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 0xc013,
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 0xc014,
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 0xc023,
	+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 0xc024,
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 0xc027,
	+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": 0xc028,
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 0xc02b,
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 0xc02c,
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xc02f,