Add list cipher suites support

2025-05-23 05:42:30 +00:00 · 2019-12-03 21:35:16 -06:00 · 2019-12-03 21:35:16 -06:00 · f1003560f1
commit f1003560f1
parent 997db04b9f
3 changed files with 35 additions and 0 deletions
--- a/cipher_suites.go
+++ b/cipher_suites.go
@ -59,6 +59,8 @@ func CipherSuites() []*CipherSuite {
 		{tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false},
 		{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, false},
 		{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false},
+
+		// go1.14
 		// {tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false},
 		// {tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false},
 	}
--- a/tls.go
+++ b/tls.go
@ -2,10 +2,34 @@ package main

 import (
 	"crypto/tls"
+	"io"
 	"log"
 	"strings"
 )

+func writeTLSSupportedCipherStrings(w io.Writer, min uint16) error {
+	for _, c := range CipherSuites() {
+		var found bool
+
+		for _, v := range c.SupportedVersions {
+			if v >= min {
+				found = true
+			}
+		}
+
+		if !found {
+			continue
+		}
+
+		_, err := w.Write([]byte(c.Name + "\n"))
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 // getTLSMinVersion converts a version string into a TLS version ID.
 func getTLSMinVersion(v string) uint16 {
 	switch v {
--- a/webhook.go
+++ b/webhook.go
@ -40,6 +40,7 @@ var (
 	cert               = flag.String("cert", "cert.pem", "path to the HTTPS certificate pem file")
 	key                = flag.String("key", "key.pem", "path to the HTTPS certificate private key pem file")
 	justDisplayVersion = flag.Bool("version", false, "display webhook version and quit")
+	justListCiphers    = flag.Bool("list-cipher-suites", false, "list available TLS cipher suites")
 	tlsMinVersion      = flag.String("tls-min-version", "1.2", "minimum TLS version (1.0, 1.1, 1.2, 1.3)")
 	tlsCipherSuites    = flag.String("cipher-suites", "", "comma-separated list of supported TLS cipher suites")

@ -82,6 +83,14 @@ func main() {
 		os.Exit(0)
 	}

+	if *justListCiphers {
+		err := writeTLSSupportedCipherStrings(os.Stdout, getTLSMinVersion(*tlsMinVersion))
+		if err != nil {
+			log.Fatal(err)
+		}
+		os.Exit(0)
+	}
+
 	if len(hooksFiles) == 0 {
 		hooksFiles = append(hooksFiles, "hooks.json")
 	}