Nulo/kawipiko
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[server] Update TLS cipher selection.

Browse source
This commit is contained in:
Ciprian Dorin Craciun 2021-12-17 14:03:55 +02:00
parent dca0fa0313
commit e877b29bdd
1 changed files with 5 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
sources/cmd/server/server.go
View file

@ -1316,22 +1316,21 @@ func main_0 () (error) {
_tlsConfig := & tls.Config { _tlsConfig := & tls.Config {
Certificates : nil, Certificates : nil,
MinVersion : tls.VersionTLS12, MinVersion : tls.VersionTLS12,
MaxVersion : tls.VersionTLS13,
CipherSuites : []uint16 { CipherSuites : []uint16 {
// NOTE: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility // NOTE: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
// NOTE: https://github.com/golang/go/issues/29349
// NOTE: TLSv1.3 // NOTE: TLSv1.3
tls.TLS_CHACHA20_POLY1305_SHA256,
tls.TLS_AES_128_GCM_SHA256, tls.TLS_AES_128_GCM_SHA256,
tls.TLS_AES_256_GCM_SHA384, tls.TLS_AES_256_GCM_SHA384,
tls.TLS_CHACHA20_POLY1305_SHA256,
// NOTE: TLSv1.2 // NOTE: TLSv1.2
// NOTE: https://datatracker.ietf.org/doc/html/rfc7540#section-9.2.2
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
// NOTE: Required for HTTP/2.
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
}, },
Renegotiation : tls.RenegotiateNever, Renegotiation : tls.RenegotiateNever,
PreferServerCipherSuites : true,
SessionTicketsDisabled : true, SessionTicketsDisabled : true,
DynamicRecordSizingDisabled : true, DynamicRecordSizingDisabled : true,
NextProtos : []string { "http/1.1", "http/1.0" }, NextProtos : []string { "http/1.1", "http/1.0" },