diff options
| author | zeripath <art27@cantab.net> | 2021-11-20 06:12:43 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-20 01:12:43 -0500 |
| commit | c96be0cd982255f20a3fe6ff4683115b8073e65e (patch) | |
| tree | 3b5c31858438becb2a8a24557c419de9fa085e2a /modules/graceful | |
| parent | 9f14fe43c6de96ce7cf81c87620fcd50e086910c (diff) | |
| download | gitea-c96be0cd982255f20a3fe6ff4683115b8073e65e.tar.gz gitea-c96be0cd982255f20a3fe6ff4683115b8073e65e.zip | |
Make SSL cipher suite configurable (#17440)
Diffstat (limited to 'modules/graceful')
| -rw-r--r-- | modules/graceful/server.go | 40 | ||||
| -rw-r--r-- | modules/graceful/server_http.go | 7 |
2 files changed, 3 insertions, 44 deletions
diff --git a/modules/graceful/server.go b/modules/graceful/server.go index f7ec791d85..159a9879df 100644 --- a/modules/graceful/server.go +++ b/modules/graceful/server.go @@ -95,48 +95,14 @@ func (srv *Server) ListenAndServe(serve ServeFunction) error { return srv.Serve(serve) } -// ListenAndServeTLS listens on the provided network address and then calls -// Serve to handle requests on incoming TLS connections. -// -// Filenames containing a certificate and matching private key for the server must -// be provided. If the certificate is signed by a certificate authority, the -// certFile should be the concatenation of the server's certificate followed by the -// CA's certificate. -func (srv *Server) ListenAndServeTLS(certFile, keyFile string, serve ServeFunction) error { - config := &tls.Config{} - if config.NextProtos == nil { - config.NextProtos = []string{"h2", "http/1.1"} - } - - config.Certificates = make([]tls.Certificate, 1) - - certPEMBlock, err := os.ReadFile(certFile) - if err != nil { - log.Error("Failed to load https cert file %s for %s:%s: %v", certFile, srv.network, srv.address, err) - return err - } - - keyPEMBlock, err := os.ReadFile(keyFile) - if err != nil { - log.Error("Failed to load https key file %s for %s:%s: %v", keyFile, srv.network, srv.address, err) - return err - } - - config.Certificates[0], err = tls.X509KeyPair(certPEMBlock, keyPEMBlock) - if err != nil { - log.Error("Failed to create certificate from cert file %s and key file %s for %s:%s: %v", certFile, keyFile, srv.network, srv.address, err) - return err - } - - return srv.ListenAndServeTLSConfig(config, serve) -} - // ListenAndServeTLSConfig listens on the provided network address and then calls // Serve to handle requests on incoming TLS connections. func (srv *Server) ListenAndServeTLSConfig(tlsConfig *tls.Config, serve ServeFunction) error { go srv.awaitShutdown() - tlsConfig.MinVersion = tls.VersionTLS12 + if tlsConfig.MinVersion == 0 { + tlsConfig.MinVersion = tls.VersionTLS12 + } l, err := GetListener(srv.network, srv.address) if err != nil { diff --git a/modules/graceful/server_http.go b/modules/graceful/server_http.go index 4471e379ef..f7b22ceb5e 100644 --- a/modules/graceful/server_http.go +++ b/modules/graceful/server_http.go @@ -33,13 +33,6 @@ func HTTPListenAndServe(network, address, name string, handler http.Handler) err return server.ListenAndServe(lHandler) } -// HTTPListenAndServeTLS listens on the provided network address and then calls Serve -// to handle requests on incoming connections. -func HTTPListenAndServeTLS(network, address, name, certFile, keyFile string, handler http.Handler) error { - server, lHandler := newHTTPServer(network, address, name, handler) - return server.ListenAndServeTLS(certFile, keyFile, lHandler) -} - // HTTPListenAndServeTLSConfig listens on the provided network address and then calls Serve // to handle requests on incoming connections. func HTTPListenAndServeTLSConfig(network, address, name string, tlsConfig *tls.Config, handler http.Handler) error { |