Skip to content

Commit

Permalink
drop hardcoded configs around TLS 1.x (cesanta#232)
Browse files Browse the repository at this point in the history 
Modern Go versions (1.9 and 1.10) as of this commit are much better
about cipher suite selection and the ssl/tls protocols used. In fact,
SSLv3 needs to be explicitly enabled now.

Fixes: cesanta#231
  • Loading branch information
@adamdecaf @rojer
adamdecaf authored and rojer committed Jun 1, 2018
1 parent 335f36b commit fb1183a
Showing 1 changed file with 0 additions and 12 deletions.
12 changes: 0 additions & 12 deletions auth_server/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,19 +50,7 @@ func ServeOnce(c *server.Config, cf string, hd *httpdown.HTTP) (*server.AuthServ
}

tlsConfig := &tls.Config{
MinVersion: tls.VersionTLS10,
PreferServerCipherSuites: true,
CipherSuites: []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
},
NextProtos: []string{"http/1.1"},
}
if c.Server.CertFile != "" || c.Server.KeyFile != "" {
// Check for partial configuration.
Expand Down

0 comments on commit fb1183a

Please sign in to comment.