Skip to content

Commit

Permalink
Reorder ciphers to prefer TLS1.3 (#346)
Browse files Browse the repository at this point in the history 
* Update ordering of ciphers
* Update tls_test.go
  • Loading branch information
@sgorbaty
sgorbaty authored May 18, 2021
1 parent 5805a5f commit 30faf11
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
6 changes: 3 additions & 3 deletions tls.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,17 +38,17 @@ var unsafeCipherSuites = map[string][]uint16{

var cipherSuites = map[string][]uint16{
"AES": {
tls.TLS_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_AES_128_GCM_SHA256,
tls.TLS_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_AES_256_GCM_SHA384,
},
"CHACHA": {
tls.TLS_CHACHA20_POLY1305_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_CHACHA20_POLY1305_SHA256,
},
}

Expand Down
4 changes: 2 additions & 2 deletions tls_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -253,11 +253,11 @@ func TestCipherSuitePreference(t *testing.T) {

conf, err = buildConfig("CHACHA,AES")
assert.Nil(t, err, "should be able to build TLS config")
assert.True(t, conf.CipherSuites[0] == tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, "expecting ChaCha20")
assert.True(t, conf.CipherSuites[0] == tls.TLS_CHACHA20_POLY1305_SHA256, "expecting TLS 1.3 ChaCha20")

conf, err = buildConfig("AES,CHACHA")
assert.Nil(t, err, "should be able to build TLS config")
assert.True(t, conf.CipherSuites[0] == tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "expecting AES")
assert.True(t, conf.CipherSuites[0] == tls.TLS_AES_128_GCM_SHA256, "expecting TLS 1.3 AES")

conf, err = buildConfig("AES,CHACHA,UNSAFE-AZURE")
assert.NotNil(t, err, "should not be able to build TLS config with unsafe cipher suite without flag")
Expand Down

0 comments on commit 30faf11

Please sign in to comment.