make use of TLS version options
This commit is contained in:
parent
43dbaa5b3d
commit
a3923642c1
6
main.go
6
main.go
|
@ -270,7 +270,8 @@ func run() int {
|
|||
}
|
||||
|
||||
if args.cert != "" {
|
||||
cfg, err1 := makeServerTLSConfig(args.cert, args.key, args.cafile, args.ciphers, !args.disableHTTP2)
|
||||
cfg, err1 := makeServerTLSConfig(args.cert, args.key, args.cafile,
|
||||
args.ciphers, uint16(args.minTLSVersion), uint16(args.maxTLSVersion), !args.disableHTTP2)
|
||||
if err1 != nil {
|
||||
mainLogger.Critical("TLS config construction failed: %v", err1)
|
||||
return 3
|
||||
|
@ -293,7 +294,8 @@ func run() int {
|
|||
}()
|
||||
}
|
||||
cfg := m.TLSConfig()
|
||||
cfg, err = updateServerTLSConfig(cfg, args.cafile, args.ciphers, !args.disableHTTP2)
|
||||
cfg, err = updateServerTLSConfig(cfg, args.cafile, args.ciphers,
|
||||
uint16(args.minTLSVersion), uint16(args.maxTLSVersion), !args.disableHTTP2)
|
||||
if err != nil {
|
||||
mainLogger.Critical("TLS config construction failed: %v", err)
|
||||
return 3
|
||||
|
|
11
utils.go
11
utils.go
|
@ -151,8 +151,11 @@ func copyBody(wr io.Writer, body io.Reader) {
|
|||
}
|
||||
}
|
||||
|
||||
func makeServerTLSConfig(certfile, keyfile, cafile, ciphers string, h2 bool) (*tls.Config, error) {
|
||||
var cfg tls.Config
|
||||
func makeServerTLSConfig(certfile, keyfile, cafile, ciphers string, minVer, maxVer uint16, h2 bool) (*tls.Config, error) {
|
||||
cfg := tls.Config{
|
||||
MinVersion: minVer,
|
||||
MaxVersion: maxVer,
|
||||
}
|
||||
cert, err := tls.LoadX509KeyPair(certfile, keyfile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -179,7 +182,7 @@ func makeServerTLSConfig(certfile, keyfile, cafile, ciphers string, h2 bool) (*t
|
|||
return &cfg, nil
|
||||
}
|
||||
|
||||
func updateServerTLSConfig(cfg *tls.Config, cafile, ciphers string, h2 bool) (*tls.Config, error) {
|
||||
func updateServerTLSConfig(cfg *tls.Config, cafile, ciphers string, minVer, maxVer uint16, h2 bool) (*tls.Config, error) {
|
||||
if cafile != "" {
|
||||
roots := x509.NewCertPool()
|
||||
certs, err := ioutil.ReadFile(cafile)
|
||||
|
@ -198,6 +201,8 @@ func updateServerTLSConfig(cfg *tls.Config, cafile, ciphers string, h2 bool) (*t
|
|||
} else {
|
||||
cfg.NextProtos = []string{"http/1.1", "acme-tls/1"}
|
||||
}
|
||||
cfg.MinVersion = minVer
|
||||
cfg.MaxVersion = maxVer
|
||||
return cfg, nil
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue