[server] Configure TLS options

Ciprian Dorin Craciun 2019-08-15 10:06:06 +03:00
parent f4a57a9265
commit e19a33fc1f


@ -1068,7 +1068,29 @@ func main_0 () (error) {
} }
_tlsConfig := & tls.Config {} _tlsConfig := & tls.Config {
Certificates : nil,
MinVersion : tls.VersionTLS12,
CipherSuites : []uint16 {
// NOTE: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
// NOTE: TLSv1.3
tls.TLS_AES_128_GCM_SHA256,
tls.TLS_AES_256_GCM_SHA384,
tls.TLS_CHACHA20_POLY1305_SHA256,
// NOTE: TLSv1.2
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
// NOTE: Required for HTTP/2.
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
},
Renegotiation : tls.RenegotiateNever,
PreferServerCipherSuites : true,
SessionTicketsDisabled : true,
DynamicRecordSizingDisabled : true,
}
if _certificate, _error := tls.X509KeyPair ([]byte (DefaultTlsCertificatePublic), []byte (DefaultTlsCertificatePrivate)); _error == nil { if _certificate, _error := tls.X509KeyPair ([]byte (DefaultTlsCertificatePublic), []byte (DefaultTlsCertificatePrivate)); _error == nil {
_tlsConfig.Certificates = append (_tlsConfig.Certificates, _certificate) _tlsConfig.Certificates = append (_tlsConfig.Certificates, _certificate)
} else { } else {
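Review bot: The last entry in `CipherSuites`, `tls.TLS_RSA_WITH_AES_128_GCM_SHA256`, uses static RSA key exchange and so gives no forward secrecy; HTTP/2 does not require it (RFC 7540 §9.2.2 mandates the ECDHE variant and Appendix A lists the static-RSA suite among those to avoid), and it does not fit the Mozilla "Modern" profile cited at the top of the list. I would drop that line together with the duplicated `tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` below the "Required for HTTP/2" note, leaving a comment such as `// NOTE: HTTP/2 requires TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (listed above).`. The three TLSv1.3 constants have no effect here, because crypto/tls applies `CipherSuites` only up to TLS 1.2 and does not let TLS 1.3 suites be configured; a comment saying so would avoid the impression that they are being restricted. Only ECDHE_RSA suites are listed, so a TLS 1.2 handshake would presumably fail if an ECDSA certificate is ever loaded, which deserves either a comment or the matching ECDSA suites. The enclosing `main_0` and the `if`/`else` at the end of the hunk continue outside the visible lines.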