USEFULL/gogs
1
0
Fork 0
mirror of https://github.com/gogs/gogs.git synced 2025-05-31 11:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use very strong ciphers (#4116)

Browse Source 
* Use very strong ciphers

* Remove TLS_RSA_WITH_AES_256_GCM_SHA384 to be compatible with Go 1.5
This commit is contained in:
Aaron Wood 2017-02-12 19:12:07 -05:00 committed by 无闻
parent 2d38b75400
commit 68ead67a63
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cmd/web.go
View File

@ -663,7 +663,17 @@ func runWeb(ctx *cli.Context) error {
case setting.SCHEME_HTTP: case setting.SCHEME_HTTP:
err = http.ListenAndServe(listenAddr, m) err = http.ListenAndServe(listenAddr, m)
case setting.SCHEME_HTTPS: case setting.SCHEME_HTTPS:
server := &http.Server{Addr: listenAddr, TLSConfig: &tls.Config{MinVersion: tls.VersionTLS10}, Handler: m} server := &http.Server{Addr: listenAddr, TLSConfig: &tls.Config{
MinVersion: tls.VersionTLS10,
CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
PreferServerCipherSuites: true,
CipherSuites: []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // Required for HTTP/2 support.
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
},
}, Handler: m}
err = server.ListenAndServeTLS(setting.CertFile, setting.KeyFile) err = server.ListenAndServeTLS(setting.CertFile, setting.KeyFile)
case setting.SCHEME_FCGI: case setting.SCHEME_FCGI:
err = fcgi.Serve(nil, m) err = fcgi.Serve(nil, m)