
Use very strong ciphers (#4116)

* Use very strong ciphers

* Remove TLS_RSA_WITH_AES_256_GCM_SHA384 to be compatible with Go 1.5
pull/4121/head
Aaron Wood 8 years ago committed by 无闻
parent
commit
68ead67a63
  1. 12
      cmd/web.go

12
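--- a/cmd/web.go
+++ b/cmd/web.go
@@ -663,7 +663,17 @@ func runWeb(ctx *cli.Context) error {
 case setting.SCHEME_HTTP:
 err = http.ListenAndServe(listenAddr, m)
 case setting.SCHEME_HTTPS:
-server := &http.Server{Addr: listenAddr, TLSConfig: &tls.Config{MinVersion: tls.VersionTLS10}, Handler: m}
+server := &http.Server{Addr: listenAddr, TLSConfig: &tls.Config{
+MinVersion: tls.VersionTLS10,
+CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
+PreferServerCipherSuites: true,
+CipherSuites: []uint16{
+tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // Required for HTTP/2 support.
+tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+},
+}, Handler: m}
 err = server.ListenAndServeTLS(setting.CertFile, setting.KeyFile)
 case setting.SCHEME_FCGI:
 err = fcgi.Serve(nil, m)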
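Review bot: The new `tls.Config` keeps `MinVersion: tls.VersionTLS10` and still offers `tls.TLS_RSA_WITH_AES_256_CBC_SHA`, so the HTTPS listener continues to accept TLS 1.0/1.1 and a static-RSA key exchange without forward secrecy, which does not match the "very strong ciphers" intent of the commit. If legacy clients do not have to be served, I would set `MinVersion: tls.VersionTLS12,` and drop the two CBC-SHA entries; if they do, an explicit setting to opt in to the legacy suites would be safer than enabling them by default. The list also contains only RSA-authenticated suites, so a deployment whose `setting.CertFile` holds an ECDSA certificate would presumably fail every handshake; adding `tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` and `tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` would cover that case. `runWeb` starts and ends outside this hunk, so how `err` is handled afterwards is not visible here.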
