Commit 0cc06229 authored by ale's avatar ale

Use HTTP/2-compatible TLS ciphers

parent cd9ee1e6
...@@ -60,6 +60,11 @@ func (c *TLSAuthConfig) match(req *http.Request) bool { ...@@ -60,6 +60,11 @@ func (c *TLSAuthConfig) match(req *http.Request) bool {
return false return false
} }
var serverCiphers = []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
}
// TLSServerConfig configures a TLS server with client authentication // TLSServerConfig configures a TLS server with client authentication
// and authorization based on the client X509 certificate. // and authorization based on the client X509 certificate.
type TLSServerConfig struct { type TLSServerConfig struct {
...@@ -87,7 +92,7 @@ func (c *TLSServerConfig) TLSConfig() (*tls.Config, error) { ...@@ -87,7 +92,7 @@ func (c *TLSServerConfig) TLSConfig() (*tls.Config, error) {
Certificates: []tls.Certificate{cert}, Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequireAndVerifyClientCert, ClientAuth: tls.RequireAndVerifyClientCert,
ClientCAs: cas, ClientCAs: cas,
CipherSuites: []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384}, CipherSuites: serverCiphers,
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
PreferServerCipherSuites: true, PreferServerCipherSuites: true,
} }
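Review bot: `serverCiphers` replaces the only suite the server accepted before, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, rather than extending it, so any peer still restricted to that suite would fail the TLS 1.2 handshake against a server built from `TLSConfig()`. Whether such peers exist is not visible from this page. As far as I know, Go's HTTP/2 server setup only requires one of the two AES_128_GCM suites to be present, so the old suite could stay as a third entry, `tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,`, after the two new ones. The slice also deserves a comment recording why it looks this way, for example `// serverCiphers lists the TLS 1.2 suites offered to clients; the AES_128_GCM entries are needed for HTTP/2.` Because the same package-level slice is assigned to every returned `tls.Config`, a caller that edits `CipherSuites` in place would change it for all servers; the body of `TLSConfig` starts and ends outside the hunk, so I cannot tell whether a copy is made elsewhere.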