c1e0f9a3a3
https://groups.google.com/forum/#!topic/golang-announce/9eqIHqaWvck "Go's crypto libraries passed certain parameters unchecked to the underlying big integer library, possibly leading to extremely long-running computations, which in turn makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client certificates or the Go SSH server libraries are both exposed to this vulnerability. This is CVE-2016-3959 and was addressed by this change: https://golang.org/cl/21533 Thanks to David Wong for identifying this issue."