make use of TLS version options

Vladislav Yarmak 2024-07-06 16:29:23 +03:00
parent 43dbaa5b3d
commit a3923642c1
2 changed files with 12 additions and 5 deletions


@ -270,7 +270,8 @@ func run() int {
}
if args.cert != "" {
cfg, err1 := makeServerTLSConfig(args.cert, args.key, args.cafile, args.ciphers, !args.disableHTTP2)
cfg, err1 := makeServerTLSConfig(args.cert, args.key, args.cafile,
args.ciphers, uint16(args.minTLSVersion), uint16(args.maxTLSVersion), !args.disableHTTP2)
if err1 != nil {
mainLogger.Critical("TLS config construction failed: %v", err1)
return 3
@ -293,7 +294,8 @@ func run() int {
}()
}
cfg := m.TLSConfig()
cfg, err = updateServerTLSConfig(cfg, args.cafile, args.ciphers, !args.disableHTTP2)
cfg, err = updateServerTLSConfig(cfg, args.cafile, args.ciphers,
uint16(args.minTLSVersion), uint16(args.maxTLSVersion), !args.disableHTTP2)
if err != nil {
mainLogger.Critical("TLS config construction failed: %v", err)
return 3
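Review bot: Both call sites in run() convert with `uint16(args.minTLSVersion)` and `uint16(args.maxTLSVersion)`, and a Go integer conversion truncates silently. The flag type is declared outside these hunks; if it is wider than 16 bits, an out-of-range value would turn into some other version number without any error. If it is already a uint16-based type the conversion is harmless, and a short comment at the first call would make that explicit, for example `// flag values are tls.VersionTLS* constants; 0 keeps the crypto/tls default`. run() starts and ends outside both hunks.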


@ -151,8 +151,11 @@ func copyBody(wr io.Writer, body io.Reader) {
}
}
func makeServerTLSConfig(certfile, keyfile, cafile, ciphers string, h2 bool) (*tls.Config, error) {
var cfg tls.Config
func makeServerTLSConfig(certfile, keyfile, cafile, ciphers string, minVer, maxVer uint16, h2 bool) (*tls.Config, error) {
cfg := tls.Config{
MinVersion: minVer,
MaxVersion: maxVer,
}
cert, err := tls.LoadX509KeyPair(certfile, keyfile)
if err != nil {
return nil, err
@ -179,7 +182,7 @@ func makeServerTLSConfig(certfile, keyfile, cafile, ciphers string, h2 bool) (*t
return &cfg, nil
}
func updateServerTLSConfig(cfg *tls.Config, cafile, ciphers string, h2 bool) (*tls.Config, error) {
func updateServerTLSConfig(cfg *tls.Config, cafile, ciphers string, minVer, maxVer uint16, h2 bool) (*tls.Config, error) {
if cafile != "" {
roots := x509.NewCertPool()
certs, err := ioutil.ReadFile(cafile)
@ -198,6 +201,8 @@ func updateServerTLSConfig(cfg *tls.Config, cafile, ciphers string, h2 bool) (*t
} else {
cfg.NextProtos = []string{"http/1.1", "acme-tls/1"}
}
cfg.MinVersion = minVer
cfg.MaxVersion = maxVer
return cfg, nil
}
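Review bot: makeServerTLSConfig and updateServerTLSConfig store minVer and maxVer without checking them, so an inverted range is accepted at startup and would only show up later as failed handshakes. Both functions already return an error, so a guard such as `if maxVer != 0 && minVer > maxVer { return nil, errors.New("min TLS version is greater than max TLS version") }` (using whichever error constructor the file already imports) would report the misconfiguration through the existing "TLS config construction failed" path. In updateServerTLSConfig the assignments `cfg.MinVersion = minVer` and `cfg.MaxVersion = maxVer` also overwrite whatever the passed-in config carried, including with 0, which leaves the bound to the crypto/tls defaults of the Go release in use; a doc comment on both functions should say so. Both function bodies continue outside the hunks.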