southfox/miniflux
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Use predefined Ciphers when TLS is configured

Browse source
This commit is contained in:
Frédéric Guillot 2018-09-08 21:43:45 -07:00
parent 2306a4b2f6
commit 46932c91a6
1 changed files with 19 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
daemon/server.go
View file

@ -55,9 +55,27 @@ func newServer(cfg *config.Config, store *storage.Storage, pool *scheduler.Worke
} }
}() }()
} else if certFile != "" && keyFile != "" { } else if certFile != "" && keyFile != "" {
server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}
cfg.IsHTTPS = true cfg.IsHTTPS = true
// See https://blog.cloudflare.com/exposing-go-on-the-internet/
// And https://wiki.mozilla.org/Security/Server_Side_TLS
server.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
PreferServerCipherSuites: true,
CurvePreferences: []tls.CurveID{
tls.CurveP256,
tls.X25519,
},
CipherSuites: []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
},
}
go func() { go func() {
logger.Info(`Listening on "%s" by using certificate "%s" and key "%s"`, server.Addr, certFile, keyFile) logger.Info(`Listening on "%s" by using certificate "%s" and key "%s"`, server.Addr, certFile, keyFile)
if err := server.ListenAndServeTLS(certFile, keyFile); err != http.ErrServerClosed { if err := server.ListenAndServeTLS(certFile, keyFile); err != http.ErrServerClosed {