Use secure cipher suites for tls by default (#380)
stingshen authored Dec 29, 2023
1 parent 5313cad commit 17d6f41
Showing 1 changed file with 5 additions and 3 deletions.
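--- a/auth_server/main.go
+++ b/auth_server/main.go
@@ -64,9 +64,7 @@ func ServeOnce(c *server.Config, cf string) (*server.AuthServer, *http.Server) {
 glog.Exitf("Failed to create auth server: %s", err)
 }
 
-tlsConfig := &tls.Config{
-PreferServerCipherSuites: true,
-}
+tlsConfig := &tls.Config{}
 if c.Server.HSTS {
 glog.Info("HTTP Strict Transport Security enabled")
 }
@@ -101,6 +99,10 @@ func ServeOnce(c *server.Config, cf string) (*server.AuthServer, *http.Server) {
 }
 tlsConfig.CipherSuites = values
 glog.Infof("TLS CipherSuites: %s", c.Server.TLSCipherSuites)
+} else {
+for _, s := range tls.CipherSuites() {
+tlsConfig.CipherSuites = append(tlsConfig.CipherSuites, s.ID)
+}
 }
 if c.Server.CertFile != "" || c.Server.KeyFile != "" {
 // Check for partial configuration.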
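Review bot: The new `else` branch replaces crypto/tls's own default selection with every suite returned by `tls.CipherSuites()`, which is the set the package implements and does not flag as insecure, not necessarily the set it enables by default. The `Config.CipherSuites` documentation says a nil value already selects a safe default list that is tightened over Go releases, so pinning the list here may leave the server offering suites a newer toolchain would have dropped from its defaults; whether the two lists actually differ depends on the Go version this is built with. Unless a specific requirement motivates the explicit list, I would drop the branch and leave the field nil with a comment such as `// CipherSuites stays nil: crypto/tls applies its maintained default list`. If the explicit list is kept, add a log line in the branch mirroring the configured case, e.g. `glog.Info("TLS CipherSuites: all suites from tls.CipherSuites()")`, so operators can see which policy is active. ServeOnce starts and ends outside the visible hunks.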
