TLS: allow to configure cipher suites

Fixes #316
Nicola Murino
2021-02-18 20:17:16 +01:00
parent 82b26f81d6
commit 5d3288c37d
12 changed files with 162 additions and 19 deletions


@@ -75,6 +75,17 @@ type Binding struct {
// set to 1 to require client certificate authentication in addition to basic auth.
// You need to define at least a certificate authority for this to work
ClientAuthType int `json:"client_auth_type" mapstructure:"client_auth_type"`
// TLSCipherSuites is a list of supported cipher suites for TLS version 1.2.
// If CipherSuites is nil/empty, a default list of secure cipher suites
// is used, with a preference order based on hardware performance.
// Note that TLS 1.3 ciphersuites are not configurable.
// The supported ciphersuites names are defined here:
//
// https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L52
//
// any invalid name will be silently ignored.
// The order matters, the ciphers listed first will be the preferred ones.
TLSCipherSuites []string `json:"tls_cipher_suites" mapstructure:"tls_cipher_suites"`
}
// GetAddress returns the binding address
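Review bot: The new `TLSCipherSuites` comment states that any invalid name is silently ignored, which is risky for a hardening setting: a typo drops the intended suite, and if no name resolves, the list is presumably empty and the default set applies while the operator believes a restriction is in force. The code that resolves the names is outside this hunk, so this is inferred from the comment; it should at least log a warning for each unknown name or fail configuration validation, with the comment updated to match, e.g. `// Unknown names are logged and skipped.` The comment should also say whether names returned by `tls.InsecureCipherSuites()` are accepted, since the text promises only that the default list is secure. Two wording points on the same comment: it calls the field `CipherSuites`, so `// If TLSCipherSuites is nil/empty, a default list of secure cipher suites` would match the declaration, and the `master#L52` link will drift as the upstream file changes. The `Binding` struct begins before this hunk.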