Is it reliable enough for use in production code? In particular, as a TLS client.
If not, is there a documented method for calling the OpenSSL library from Go?
From http://blog.golang.org/a-conversation-with-the-go-team :
On the mailing lists, Adam Langley stated that the TLS code was not reviewed by external groups and therefore should not be used in production. Is code verification planned? A good secure parallel TLS implementation will be very enjoyable.Adam : Cryptography is known to be easy to catch in subtle and amazing ways, and I'm only human. I donβt feel that I can guarantee that the Gos TLS code is flawless and I would not want to distort it.There are several places where it is known that the code has side problems: the RSA code is blinded, but not constant time, elliptic curves other than P-224 are not constant time, and the Lucky13 attack can work. I hope to refer to the last two time frames in Go 1.2 with the implementation of the P-256 with constant time and AES-GCM.No one took a step forward to review the TLS stack and I did not investigate whether we can get Matasano or the like. This. It depends on whether Google wants to fund it.
On the mailing lists, Adam Langley stated that the TLS code was not reviewed by external groups and therefore should not be used in production. Is code verification planned? A good secure parallel TLS implementation will be very enjoyable.
Adam : Cryptography is known to be easy to catch in subtle and amazing ways, and I'm only human. I donβt feel that I can guarantee that the Gos TLS code is flawless and I would not want to distort it.
There are several places where it is known that the code has side problems: the RSA code is blinded, but not constant time, elliptic curves other than P-224 are not constant time, and the Lucky13 attack can work. I hope to refer to the last two time frames in Go 1.2 with the implementation of the P-256 with constant time and AES-GCM.
No one took a step forward to review the TLS stack and I did not investigate whether we can get Matasano or the like. This. It depends on whether Google wants to fund it.
It is known that he is susceptible to attacks of some side channels, so no, he is probably not good enough yet.
FWIW, now there is the possibility of high-performance OpenSSL bindings from Go: https://github.com/spacemonkeygo/openssl