remove the legacy PreferServerCipherSuites configuration

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-09 16:25:15 +03:00 · 2023-08-07 19:11:48 +02:00
parent 830116bcf2
commit 63212bb033
4 changed files with 15 additions and 19 deletions
--- a/internal/ftpd/server.go
+++ b/internal/ftpd/server.go
@@ -302,10 +302,9 @@ func (s *Server) buildTLSConfig() {
 			certID = s.binding.GetAddress()
 		}
 		s.tlsConfig = &tls.Config{
-			GetCertificate:           certMgr.GetCertificateFunc(certID),
-			MinVersion:               util.GetTLSVersion(s.binding.MinTLSVersion),
-			CipherSuites:             s.binding.ciphers,
-			PreferServerCipherSuites: true,
+			GetCertificate: certMgr.GetCertificateFunc(certID),
+			MinVersion:     util.GetTLSVersion(s.binding.MinTLSVersion),
+			CipherSuites:   s.binding.ciphers,
 		}
 		logger.Debug(logSender, "", "configured TLS cipher suites for binding %q: %v, certID: %v",
 			s.binding.GetAddress(), s.binding.ciphers, certID)
--- a/internal/httpd/server.go
+++ b/internal/httpd/server.go
@@ -108,11 +108,10 @@ func (s *httpdServer) listenAndServe() error {
 			certID = s.binding.GetAddress()
 		}
 		config := &tls.Config{
-			GetCertificate:           certMgr.GetCertificateFunc(certID),
-			MinVersion:               util.GetTLSVersion(s.binding.MinTLSVersion),
-			NextProtos:               []string{"http/1.1", "h2"},
-			CipherSuites:             util.GetTLSCiphersFromNames(s.binding.TLSCipherSuites),
-			PreferServerCipherSuites: true,
+			GetCertificate: certMgr.GetCertificateFunc(certID),
+			MinVersion:     util.GetTLSVersion(s.binding.MinTLSVersion),
+			NextProtos:     []string{"http/1.1", "h2"},
+			CipherSuites:   util.GetTLSCiphersFromNames(s.binding.TLSCipherSuites),
 		}
 		httpServer.TLSConfig = config
 		logger.Debug(logSender, "", "configured TLS cipher suites for binding %q: %v, certID: %v",
--- a/internal/telemetry/telemetry.go
+++ b/internal/telemetry/telemetry.go
@@ -126,11 +126,10 @@ func (c Conf) Initialize(configDir string) error {
 			return err
 		}
 		config := &tls.Config{
-			GetCertificate:           certMgr.GetCertificateFunc(common.DefaultTLSKeyPaidID),
-			MinVersion:               util.GetTLSVersion(c.MinTLSVersion),
-			NextProtos:               []string{"http/1.1", "h2"},
-			CipherSuites:             util.GetTLSCiphersFromNames(c.TLSCipherSuites),
-			PreferServerCipherSuites: true,
+			GetCertificate: certMgr.GetCertificateFunc(common.DefaultTLSKeyPaidID),
+			MinVersion:     util.GetTLSVersion(c.MinTLSVersion),
+			NextProtos:     []string{"http/1.1", "h2"},
+			CipherSuites:   util.GetTLSCiphersFromNames(c.TLSCipherSuites),
 		}
 		logger.Debug(logSender, "", "configured TLS cipher suites: %v", config.CipherSuites)
 		httpServer.TLSConfig = config
--- a/internal/webdavd/server.go
+++ b/internal/webdavd/server.go
@@ -80,11 +80,10 @@ func (s *webDavServer) listenAndServe(compressor *middleware.Compressor) error {
 			certID = s.binding.GetAddress()
 		}
 		httpServer.TLSConfig = &tls.Config{
-			GetCertificate:           certMgr.GetCertificateFunc(certID),
-			MinVersion:               util.GetTLSVersion(s.binding.MinTLSVersion),
-			NextProtos:               []string{"http/1.1", "h2"},
-			CipherSuites:             util.GetTLSCiphersFromNames(s.binding.TLSCipherSuites),
-			PreferServerCipherSuites: true,
+			GetCertificate: certMgr.GetCertificateFunc(certID),
+			MinVersion:     util.GetTLSVersion(s.binding.MinTLSVersion),
+			NextProtos:     []string{"http/1.1", "h2"},
+			CipherSuites:   util.GetTLSCiphersFromNames(s.binding.TLSCipherSuites),
 		}
 		logger.Debug(logSender, "", "configured TLS cipher suites for binding %q: %v, certID: %v",
 			s.binding.GetAddress(), httpServer.TLSConfig.CipherSuites, certID)