mirror of
https://github.com/adnanh/webhook.git
synced 2025-05-12 08:34:43 +00:00
102 lines
4.8 KiB
Go
102 lines
4.8 KiB
Go
// Copyright 2010 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
// Copied from Go 1.14 tip src/crypto/tls/cipher_suites.go
|
|
|
|
package main
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"fmt"
|
|
)
|
|
|
|
// CipherSuite is a TLS cipher suite. Note that most functions in this package
|
|
// accept and expose cipher suite IDs instead of this type.
|
|
type CipherSuite struct {
|
|
ID uint16
|
|
Name string
|
|
|
|
// Supported versions is the list of TLS protocol versions that can
|
|
// negotiate this cipher suite.
|
|
SupportedVersions []uint16
|
|
|
|
// Insecure is true if the cipher suite has known security issues
|
|
// due to its primitives, design, or implementation.
|
|
Insecure bool
|
|
}
|
|
|
|
var (
|
|
supportedUpToTLS12 = []uint16{tls.VersionTLS10, tls.VersionTLS11, tls.VersionTLS12}
|
|
supportedOnlyTLS12 = []uint16{tls.VersionTLS12}
|
|
supportedOnlyTLS13 = []uint16{tls.VersionTLS13}
|
|
)
|
|
|
|
// CipherSuites returns a list of cipher suites currently implemented by this
|
|
// package, excluding those with security issues, which are returned by
|
|
// InsecureCipherSuites.
|
|
//
|
|
// The list is sorted by ID. Note that the default cipher suites selected by
|
|
// this package might depend on logic that can't be captured by a static list.
|
|
func CipherSuites() []*CipherSuite {
|
|
return []*CipherSuite{
|
|
{tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", supportedUpToTLS12, false},
|
|
{tls.TLS_RSA_WITH_AES_128_CBC_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA", supportedUpToTLS12, false},
|
|
{tls.TLS_RSA_WITH_AES_256_CBC_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA", supportedUpToTLS12, false},
|
|
{tls.TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS_RSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, false},
|
|
{tls.TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS_RSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false},
|
|
|
|
{tls.TLS_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256", supportedOnlyTLS13, false},
|
|
{tls.TLS_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384", supportedOnlyTLS13, false},
|
|
{tls.TLS_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256", supportedOnlyTLS13, false},
|
|
|
|
{tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", supportedUpToTLS12, false},
|
|
{tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", supportedUpToTLS12, false},
|
|
{tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", supportedUpToTLS12, false},
|
|
{tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", supportedUpToTLS12, false},
|
|
{tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", supportedUpToTLS12, false},
|
|
{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, false},
|
|
{tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false},
|
|
{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, false},
|
|
{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false},
|
|
|
|
// go1.14
|
|
// {tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false},
|
|
// {tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false},
|
|
}
|
|
}
|
|
|
|
// InsecureCipherSuites returns a list of cipher suites currently implemented by
|
|
// this package and which have security issues.
|
|
//
|
|
// Most applications should not use the cipher suites in this list, and should
|
|
// only use those returned by CipherSuites.
|
|
func InsecureCipherSuites() []*CipherSuite {
|
|
// RC4 suites are broken because RC4 is.
|
|
// CBC-SHA256 suites have no Lucky13 countermeasures.
|
|
return []*CipherSuite{
|
|
{tls.TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_RC4_128_SHA", supportedUpToTLS12, true},
|
|
{tls.TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256", supportedOnlyTLS12, true},
|
|
{tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", supportedUpToTLS12, true},
|
|
{tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", supportedUpToTLS12, true},
|
|
{tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", supportedOnlyTLS12, true},
|
|
{tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", supportedOnlyTLS12, true},
|
|
}
|
|
}
|
|
|
|
// CipherSuiteName returns the standard name for the passed cipher suite ID
|
|
// (e.g. "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"), or a fallback representation
|
|
// of the ID value if the cipher suite is not implemented by this package.
|
|
func CipherSuiteName(id uint16) string {
|
|
for _, c := range CipherSuites() {
|
|
if c.ID == id {
|
|
return c.Name
|
|
}
|
|
}
|
|
for _, c := range InsecureCipherSuites() {
|
|
if c.ID == id {
|
|
return c.Name
|
|
}
|
|
}
|
|
return fmt.Sprintf("0x%04X", id)
|
|
}
|