From c96be0cd982255f20a3fe6ff4683115b8073e65e Mon Sep 17 00:00:00 2001
From: zeripath
Date: Sat, 20 Nov 2021 06:12:43 +0000
Subject: Make SSL cipher suite configurable (#17440)
---
 modules/graceful/server.go | 40 +++-------------------------------------
 modules/graceful/server_http.go | 7 -------
 2 files changed, 3 insertions(+), 44 deletions(-)
(limited to 'modules/graceful')
diff --git a/modules/graceful/server.go b/modules/graceful/server.go
index f7ec791d85..159a9879df 100644
--- a/modules/graceful/server.go
+++ b/modules/graceful/server.go
@@ -95,48 +95,14 @@ func (srv *Server) ListenAndServe(serve ServeFunction) error {
 return srv.Serve(serve)
 }
-// ListenAndServeTLS listens on the provided network address and then calls
-// Serve to handle requests on incoming TLS connections.
-//
-// Filenames containing a certificate and matching private key for the server must
-// be provided. If the certificate is signed by a certificate authority, the
-// certFile should be the concatenation of the server's certificate followed by the
-// CA's certificate.
-func (srv *Server) ListenAndServeTLS(certFile, keyFile string, serve ServeFunction) error {
- config := &tls.Config{}
- if config.NextProtos == nil {
- config.NextProtos = []string{"h2", "http/1.1"}
- }
-
- config.Certificates = make([]tls.Certificate, 1)
-
- certPEMBlock, err := os.ReadFile(certFile)
- if err != nil {
- log.Error("Failed to load https cert file %s for %s:%s: %v", certFile, srv.network, srv.address, err)
- return err
- }
-
- keyPEMBlock, err := os.ReadFile(keyFile)
- if err != nil {
- log.Error("Failed to load https key file %s for %s:%s: %v", keyFile, srv.network, srv.address, err)
- return err
- }
-
- config.Certificates[0], err = tls.X509KeyPair(certPEMBlock, keyPEMBlock)
- if err != nil {
- log.Error("Failed to create certificate from cert file %s and key file %s for %s:%s: %v", certFile, keyFile, srv.network, srv.address, err)
- return err
- }
-
- return srv.ListenAndServeTLSConfig(config, serve)
-}
-
 // ListenAndServeTLSConfig listens on the provided network address and then calls
 // Serve to handle requests on incoming TLS connections.
 func (srv *Server) ListenAndServeTLSConfig(tlsConfig *tls.Config, serve ServeFunction) error {
 go srv.awaitShutdown()
- tlsConfig.MinVersion = tls.VersionTLS12
+ if tlsConfig.MinVersion == 0 {
+ tlsConfig.MinVersion = tls.VersionTLS12
+ }
 l, err := GetListener(srv.network, srv.address)
 if err != nil {
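Review bot: The added MinVersion guard turns the former unconditional TLS 1.2 floor into a default only: a tlsConfig that arrives with MinVersion already set to tls.VersionTLS10 or tls.VersionTLS11 is now honored silently, whereas before this hunk every caller was forced to 1.2. At minimum the doc comment should say so, e.g. `// MinVersion defaults to TLS 1.2 only when the caller left it unset; a lower value is passed through unchanged.`, and if a floor below 1.2 is not meant to be supported the function should reject or at least log it at this point. Separately, the removed ListenAndServeTLS used to default NextProtos to "h2" and "http/1.1" before delegating here, while ListenAndServeTLSConfig sets no NextProtos itself, so HTTP/2 ALPN now depends on the caller having populated that field (the caller is outside this diff, so this may already be handled). The body of ListenAndServeTLSConfig continues past the end of the hunk.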
diff --git a/modules/graceful/server_http.go b/modules/graceful/server_http.go
index 4471e379ef..f7b22ceb5e 100644
--- a/modules/graceful/server_http.go
+++ b/modules/graceful/server_http.go
@@ -33,13 +33,6 @@ func HTTPListenAndServe(network, address, name string, handler http.Handler) err
 return server.ListenAndServe(lHandler)
 }
-// HTTPListenAndServeTLS listens on the provided network address and then calls Serve
-// to handle requests on incoming connections.
-func HTTPListenAndServeTLS(network, address, name, certFile, keyFile string, handler http.Handler) error {
- server, lHandler := newHTTPServer(network, address, name, handler)
- return server.ListenAndServeTLS(certFile, keyFile, lHandler)
-}
-
 // HTTPListenAndServeTLSConfig listens on the provided network address and then calls Serve
 // to handle requests on incoming connections.
 func HTTPListenAndServeTLSConfig(network, address, name string, tlsConfig *tls.Config, handler http.Handler) error {
--
cgit v1.2.3