From a611e3ecb1f480dcbfce3cb0c8c9e4058f56c1a4 Mon Sep 17 00:00:00 2001
From: Anit Gandhi
Date: Wed, 23 May 2018 18:02:28 -0400
Subject: [PATCH] crypto/tls: disable AES-GCM prioritization on arm64 for now
---
 src/crypto/tls/common.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index 15d5eaffaa..32caa6233c 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -921,7 +921,14 @@ func initDefaultCipherSuites() {
 // Check the cpu flags for each platform that has optimized GCM implementations.
 // Worst case, these variables will just all be false
 hasGCMAsmAMD64 := cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
- hasGCMAsmARM64 := cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
+
+ // TODO: enable the arm64 HasAES && HasPMULL feature check after the
+ // optimized AES-GCM implementation for arm64 is merged (CL 107298).
+ // This is explicitly set to false for now to prevent misprioritization
+ // of AES-GCM based cipher suites, which will be slower than chacha20-poly1305
+ hasGCMAsmARM64 := false
+ // hasGCMAsmARM64 := cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
+
 hasGCMAsmS390X := cpu.S390X.HasKM && (cpu.S390X.HasKMA || (cpu.S390X.HasKMCTR && cpu.S390X.HasKIMD))
 hasGCMAsm := hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X
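Review bot: The new comment above `hasGCMAsmARM64 := false` justifies the override by speed alone, but the crypto/aes package documentation also says the software AES path is not constant-time without hardware support. Preferring chacha20-poly1305 on arm64 until the assembly lands is therefore a side-channel consideration as well, and whoever re-enables the check should know that. I would end the comment with `// of AES-GCM based cipher suites: without assembly they are slower than chacha20-poly1305 and use the non-constant-time generic AES.` The commented-out `// hasGCMAsmARM64 := cpu.ARM64.HasAES && cpu.ARM64.HasPMULL` line is dead code that duplicates what the TODO already names, so it could be dropped. The body of initDefaultCipherSuites starts and ends outside this hunk, so how `hasGCMAsm` goes on to order the suites is not visible here.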