Request builder: Allow the use of insecure TLS ciphers when Allow self-signed or invalid certificates
is used
Some server on the wild are badly configured. Either by mistake or lack of maintenance. Safe and unsafe Ciphers change overtime based on new discoveries. This proposition will include considered unsafe ciphers when `Allow self-signed or invalid certificates` is used. It could be put into a separate option but, I felt this could fit in. fix #2671
This commit is contained in:
parent
e54825bf02
commit
9f3a8e7f1b
1 changed files with 11 additions and 0 deletions
|
@ -109,6 +109,16 @@ func (r *RequestBuilder) IgnoreTLSErrors(value bool) *RequestBuilder {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *RequestBuilder) ExecuteRequest(requestURL string) (*http.Response, error) {
|
func (r *RequestBuilder) ExecuteRequest(requestURL string) (*http.Response, error) {
|
||||||
|
// We get the safe ciphers
|
||||||
|
ciphers := tls.CipherSuites()
|
||||||
|
if r.ignoreTLSErrors {
|
||||||
|
// and the insecure ones if we are ignoring TLS errors. This allows to connect to badly configured servers anyway
|
||||||
|
ciphers = append(ciphers, tls.InsecureCipherSuites()...)
|
||||||
|
}
|
||||||
|
cipherSuites := []uint16{}
|
||||||
|
for _, cipher := range ciphers {
|
||||||
|
cipherSuites = append(cipherSuites, cipher.ID)
|
||||||
|
}
|
||||||
transport := &http.Transport{
|
transport := &http.Transport{
|
||||||
Proxy: http.ProxyFromEnvironment,
|
Proxy: http.ProxyFromEnvironment,
|
||||||
// Setting `DialContext` disables HTTP/2, this option forces the transport to try HTTP/2 regardless.
|
// Setting `DialContext` disables HTTP/2, this option forces the transport to try HTTP/2 regardless.
|
||||||
|
@ -128,6 +138,7 @@ func (r *RequestBuilder) ExecuteRequest(requestURL string) (*http.Response, erro
|
||||||
IdleConnTimeout: 10 * time.Second,
|
IdleConnTimeout: 10 * time.Second,
|
||||||
|
|
||||||
TLSClientConfig: &tls.Config{
|
TLSClientConfig: &tls.Config{
|
||||||
|
CipherSuites: cipherSuites,
|
||||||
InsecureSkipVerify: r.ignoreTLSErrors,
|
InsecureSkipVerify: r.ignoreTLSErrors,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue