PEM-2613: Fix cipher suit issue (#113)
jayesh-srivastava authored Aug 3, 2023
1 parent ea46da2 commit 504dc45
Showing 1 changed file with 21 additions and 9 deletions.
30 changes: 21 additions & 9 deletions util/flags/tls.go
@@ -60,16 +60,28 @@ func GetTLSOptionOverrideFuncs(options TLSOptions) ([]func(*tls.Config), error)
}
tlsOptions = append(tlsOptions, func(cfg *tls.Config) {
cfg.MinVersion = tlsVersion
cfg.CipherSuites = GetDefaultTLSCipherSuits()
})

// For PEM-2613
//if len(options.TLSCipherSuites) != 0 {
// // suites, err := cliflag.TLSCipherSuites(options.TLSCipherSuites)
// // Not required PEM 2613
// if err != nil {
// return nil, err
// }
// tlsOptions = append(tlsOptions, func(cfg *tls.Config) {
// cfg.CipherSuites = GetDefaultTLSCipherSuits()
// })
//}

if len(options.TLSCipherSuites) != 0 {
suites, err := cliflag.TLSCipherSuites(options.TLSCipherSuites)
if err != nil {
return nil, err
}
tlsOptions = append(tlsOptions, func(cfg *tls.Config) {
cfg.CipherSuites = suites
})
}
return tlsOptions, nil
}

func GetDefaultTLSCipherSuits() []uint16 {
return []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
}
}
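Review bot: `GetDefaultTLSCipherSuits` returns only three CBC-mode suites with HMAC-SHA1 (`TLS_ECDHE_*_WITH_AES_*_CBC_SHA`) and no AEAD suite, and the first closure assigns that list to `cfg.CipherSuites` unconditionally next to `cfg.MinVersion`. In Go's crypto/tls this field governs TLS 1.0–1.2 negotiation only, so a TLS 1.2 peer would be limited to CBC suites, the family affected by padding-oracle timing issues such as Lucky13. I would put AEAD entries ahead of the CBC ones, e.g. `tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,` and `tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,`, and give the exported function a doc comment saying why the list is pinned. The rendered page has lost its +/- markers, so it is not certain whether the live `options.TLSCipherSuites` branch or its commented-out copy is the surviving side; if the operator-supplied list is now ignored, say so in the flag's help text instead of leaving a commented block behind. `GetTLSOptionOverrideFuncs` begins outside the hunk.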
