[server] Update TLS cipher selection.
This commit is contained in:
Ciprian Dorin Craciun
parent
dca0fa0313
commit
e877b29bdd
1 changed files with 5 additions and 6 deletions
|
|
@ -1316,22 +1316,21 @@ func main_0 () (error) {
|
|||
_tlsConfig := & tls.Config {
|
||||
Certificates : nil,
|
||||
MinVersion : tls.VersionTLS12,
|
||||
MaxVersion : tls.VersionTLS13,
|
||||
CipherSuites : []uint16 {
|
||||
// NOTE: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
|
||||
// NOTE: https://github.com/golang/go/issues/29349
|
||||
// NOTE: TLSv1.3
|
||||
tls.TLS_CHACHA20_POLY1305_SHA256,
|
||||
tls.TLS_AES_128_GCM_SHA256,
|
||||
tls.TLS_AES_256_GCM_SHA384,
|
||||
tls.TLS_CHACHA20_POLY1305_SHA256,
|
||||
// NOTE: TLSv1.2
|
||||
// NOTE: https://datatracker.ietf.org/doc/html/rfc7540#section-9.2.2
|
||||
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
||||
// NOTE: Required for HTTP/2.
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
},
|
||||
Renegotiation : tls.RenegotiateNever,
|
||||
PreferServerCipherSuites : true,
|
||||
SessionTicketsDisabled : true,
|
||||
DynamicRecordSizingDisabled : true,
|
||||
NextProtos : []string { "http/1.1", "http/1.0" },
|
||||
|
|
|
|||
Loading…
Reference in a new issue