Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 14:20:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

TLS ciphers: use a more secure default if no preference is specified

Browse Source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2023-11-01 16:39:04 +01:00
parent 4139c79a77
commit 822a05aa20
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
internal/util/util.go
View File

@@ -66,6 +66,13 @@ var (
// CertsBasePath defines base path for certificates obtained using the built-in ACME protocol. // CertsBasePath defines base path for certificates obtained using the built-in ACME protocol.
// It is empty is ACME support is disabled // It is empty is ACME support is disabled
CertsBasePath string CertsBasePath string
// Defines the TLS ciphers used by default for TLS 1.0-1.2 if no preference is specified.
defaultTLSCiphers = []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
tls.TLS_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
}
) )
// IEC Sizes. // IEC Sizes.
@@ -613,6 +620,11 @@ func GetTLSCiphersFromNames(cipherNames []string) []uint16 {
} }
} }
if len(ciphers) == 0 {
// return a secure default
return defaultTLSCiphers
}
return ciphers return ciphers
} }