Skip to content

Commit

Permalink
Add custom CipherSuites
Browse files Browse the repository at this point in the history
  • Loading branch information
vkuznet committed Jun 18, 2024
1 parent 0d3729e commit 9141c90
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 2 deletions.
7 changes: 5 additions & 2 deletions data.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ package main

import (
"encoding/json"
"fmt"
"log"

"github.com/shirou/gopsutil/load"
"github.com/shirou/gopsutil/net"
Expand Down Expand Up @@ -65,6 +65,7 @@ type Configuration struct {
Providers []string `json:"providers` // list of JWKS providers
MinTLSVersion string `json:"minTLSVersion"` // minimum TLS version
MaxTLSVersion string `json:"maxTLSVersion"` // maximum TLS version
CipherSuites string `json:"cipher_suites"` // use custom CipherSuites
InsecureSkipVerify bool `json:"insecureSkipVerify"` // tls configuration option
LetsEncrypt bool `json:"lets_encrypt"` // start LetsEncrypt HTTPs server
DomainNames []string `json:"domain_names"` // list of domain names to use for LetsEncrypt
Expand All @@ -82,8 +83,10 @@ func (c Configuration) String() string {
data, err := json.MarshalIndent(c, "", " ")
if err == nil {
return string(data)
} else {
log.Println("unable to marshal Configuration object", err)
}
return fmt.Sprintf("%+v", c)
return ""
}

// ServerSettings controls server parameters
Expand Down
35 changes: 35 additions & 0 deletions utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -236,6 +236,41 @@ func getServer(serverCrt, serverKey string, customVerify bool) (*http.Server, er
log.Println("use maxTLSVersion", maxVer)
tlsConfig.MaxVersion = uint16(maxVer)
}
if Config.CipherSuites == "frontend" {
tlsConfig.CipherSuites = []uint16{
// TLS 1.0 - 1.2 cipher suites.
tls.TLS_RSA_WITH_RC4_128_SHA,
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,

// TLS 1.3 cipher suites.
tls.TLS_AES_128_GCM_SHA256,
tls.TLS_AES_256_GCM_SHA384,
tls.TLS_CHACHA20_POLY1305_SHA256,

// fallback
tls.TLS_FALLBACK_SCSV,
}
}
// setup HTTPs server
addr := fmt.Sprintf(":%d", Config.Port)
server := &http.Server{
Expand Down

0 comments on commit 9141c90

Please sign in to comment.