Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 14:50:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

TLS: allow to configure cipher suites

Browse Source 
Fixes #316
This commit is contained in:
Nicola Murino
2021-02-18 20:17:16 +01:00
parent 552a96533e
commit 5da4f931c5
12 changed files with 162 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
webdavd/server.go
View File

@@ -62,9 +62,13 @@ func (s *webDavServer) listenAndServe(compressor *middleware.Compressor) error {
if certMgr != nil && s.binding.EnableHTTPS {
serviceStatus.Bindings = append(serviceStatus.Bindings, s.binding)
httpServer.TLSConfig = &tls.Config{
GetCertificate: certMgr.GetCertificateFunc(),
MinVersion: tls.VersionTLS12,
GetCertificate: certMgr.GetCertificateFunc(),
MinVersion: tls.VersionTLS12,
CipherSuites: utils.GetTLSCiphersFromNames(s.binding.TLSCipherSuites),
PreferServerCipherSuites: true,
}
logger.Debug(logSender, "", "configured TLS cipher suites for binding %#v: %v", s.binding.GetAddress(),
httpServer.TLSConfig.CipherSuites)
if s.binding.ClientAuthType == 1 {
httpServer.TLSConfig.ClientCAs = certMgr.GetRootCAs()
httpServer.TLSConfig.ClientAuth = tls.RequireAndVerifyClientCert