Added flag for user configurable cipher suites
Configuration of list of cipher suites allows a user to disable use of weak ciphers or continue to support them for legacy usage if they so choose. List of available cipher suites at: https://golang.org/pkg/crypto/tls/#pkg-constants Default cipher suites have been updated to: - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 - TLS_CHACHA20_POLY1305_SHA256 - TLS_AES_256_GCM_SHA384 MinimumTLS has also been updated to include TLS 1.3 as an option and now defaults to TLS 1.2 since 1.0 and 1.1 have been deprecated. Signed-off-by: David Luu <david@davidluu.info>
This commit is contained in:
David Luu
parent
22c074842e
commit
1e625d0076
6 changed files with 412 additions and 41 deletions
2
Makefile
2
Makefile
|
|
@ -50,7 +50,7 @@ version/version.go:
|
|||
|
||||
check: ## run all linters (TODO: enable "unused", "varcheck", "ineffassign", "unconvert", "staticheck", "goimports", "structcheck")
|
||||
@echo "$(WHALE) $@"
|
||||
@GO111MODULE=off golangci-lint run
|
||||
@golangci-lint run
|
||||
|
||||
test: ## run tests, except integration test with test.short
|
||||
@echo "$(WHALE) $@"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue