mirrors/webhook
1
0
Fork 0
mirror of https://github.com/adnanh/webhook.git synced 2025-05-23 05:42:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add list cipher suites support

Browse source
This commit is contained in:
Cameron Moore 2019-12-03 21:35:16 -06:00
parent 997db04b9f
commit f1003560f1
3 changed files with 35 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
cipher_suites.go
View file

@ -59,6 +59,8 @@ func CipherSuites() []*CipherSuite {
{tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false}, {tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false},
{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, false}, {tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, false},
{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false}, {tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false},
// go1.14
// {tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false}, // {tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false},
// {tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false}, // {tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false},
} }

24
tls.go
View file

@ -2,10 +2,34 @@ package main
import ( import (
"crypto/tls" "crypto/tls"
"io"
"log" "log"
"strings" "strings"
) )
func writeTLSSupportedCipherStrings(w io.Writer, min uint16) error {
for _, c := range CipherSuites() {
var found bool
for _, v := range c.SupportedVersions {
if v >= min {
found = true
}
}
if !found {
continue
}
_, err := w.Write([]byte(c.Name + "\n"))
if err != nil {
return err
}
}
return nil
}
// getTLSMinVersion converts a version string into a TLS version ID. // getTLSMinVersion converts a version string into a TLS version ID.
func getTLSMinVersion(v string) uint16 { func getTLSMinVersion(v string) uint16 {
switch v { switch v {

9
webhook.go
View file

@ -40,6 +40,7 @@ var (
cert = flag.String("cert", "cert.pem", "path to the HTTPS certificate pem file") cert = flag.String("cert", "cert.pem", "path to the HTTPS certificate pem file")
key = flag.String("key", "key.pem", "path to the HTTPS certificate private key pem file") key = flag.String("key", "key.pem", "path to the HTTPS certificate private key pem file")
justDisplayVersion = flag.Bool("version", false, "display webhook version and quit") justDisplayVersion = flag.Bool("version", false, "display webhook version and quit")
justListCiphers = flag.Bool("list-cipher-suites", false, "list available TLS cipher suites")
tlsMinVersion = flag.String("tls-min-version", "1.2", "minimum TLS version (1.0, 1.1, 1.2, 1.3)") tlsMinVersion = flag.String("tls-min-version", "1.2", "minimum TLS version (1.0, 1.1, 1.2, 1.3)")
tlsCipherSuites = flag.String("cipher-suites", "", "comma-separated list of supported TLS cipher suites") tlsCipherSuites = flag.String("cipher-suites", "", "comma-separated list of supported TLS cipher suites")
@ -82,6 +83,14 @@ func main() {
os.Exit(0) os.Exit(0)
} }
if *justListCiphers {
err := writeTLSSupportedCipherStrings(os.Stdout, getTLSMinVersion(*tlsMinVersion))
if err != nil {
log.Fatal(err)
}
os.Exit(0)
}
if len(hooksFiles) == 0 { if len(hooksFiles) == 0 {
hooksFiles = append(hooksFiles, "hooks.json") hooksFiles = append(hooksFiles, "hooks.json")
} }