Add TLS min and max version
parent
47319f709f
commit
80401e4c98
|
@ -1,6 +1,7 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
|
||||
|
@ -24,6 +25,8 @@ type ConfigSettings struct {
|
|||
|
||||
type TLSSettings struct {
|
||||
Enabled bool `yaml:"enabled"`
|
||||
MinVersion string `yaml:"minversion"`
|
||||
MaxVersion string `yaml:"maxversion"`
|
||||
Keyfile string `yaml:"keyfile"`
|
||||
Certificates []string `yaml:"certificates"`
|
||||
}
|
||||
|
@ -70,3 +73,19 @@ func (cf *Config) LoadYAML(filename string) error {
|
|||
}
|
||||
return cf.Check()
|
||||
}
|
||||
|
||||
func ParseTLSVersion(version string) (uint16, error) {
|
||||
if version == "" {
|
||||
return tls.VersionTLS12, nil
|
||||
} else if version == "1.0" {
|
||||
return tls.VersionTLS10, nil
|
||||
} else if version == "1.1" {
|
||||
return tls.VersionTLS11, nil
|
||||
} else if version == "1.2" {
|
||||
return tls.VersionTLS12, nil
|
||||
} else if version == "1.3" {
|
||||
return tls.VersionTLS13, nil
|
||||
} else {
|
||||
return 0, fmt.Errorf("invalid tls version string")
|
||||
}
|
||||
}
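Review bot: The `version == ""` branch of ParseTLSVersion returns `tls.VersionTLS12`, which suits a minimum but would cap connections at TLS 1.2 if the function were ever handed an empty maximum, because a zero `MaxVersion` in crypto/tls means the highest supported version. The caller in main skips empty strings, so this is a latent trap rather than a live bug; a doc comment such as `// ParseTLSVersion maps "1.0".."1.3" to the crypto/tls constant; "" yields TLS 1.2 and is only meaningful for a minimum version.` would record it. The error is also easier to act on with the rejected value included, `return 0, fmt.Errorf("invalid tls version string %q", version)`. Separately, "1.0" and "1.1" are accepted without any warning although both were deprecated by RFC 8996, so a config can drop below the TLS 1.2 default unnoticed.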
|
||||
|
|
|
@ -130,7 +130,26 @@ func main() {
|
|||
WriteTimeout: time.Duration(cf.Settings.WriteTimeout) * time.Second,
|
||||
MaxHeaderBytes: cf.Settings.MaxHeaderBytes,
|
||||
}
|
||||
tlsConfig := &tls.Config{}
|
||||
tlsConfig := &tls.Config{
|
||||
MinVersion: tls.VersionTLS12,
|
||||
}
|
||||
if cf.Settings.TLS.MinVersion != "" {
|
||||
|
||||
var err error
|
||||
tlsConfig.MinVersion, err = ParseTLSVersion(cf.Settings.TLS.MinVersion)
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "error: tls min version invalid\n")
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
if cf.Settings.TLS.MaxVersion != "" {
|
||||
var err error
|
||||
tlsConfig.MaxVersion, err = ParseTLSVersion(cf.Settings.TLS.MinVersion)
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "error: tls min version invalid\n")
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
// Create self-signed certificate, when no keyfile and no certificates are present
|
||||
if cf.Settings.TLS.Keyfile == "" && len(cf.Settings.TLS.Certificates) == 0 {
|
||||
// TODO
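Review bot: The `MaxVersion` block parses `cf.Settings.TLS.MinVersion` instead of `cf.Settings.TLS.MaxVersion`, so the configured maximum is never read or validated and the upper bound silently becomes the minimum; with `minversion: '1.2'` and `maxversion: '1.3'` the server would be pinned to TLS 1.2. The line should read `tlsConfig.MaxVersion, err = ParseTLSVersion(cf.Settings.TLS.MaxVersion)` and its message `"error: tls max version invalid\n"`. Once both values are parsed it is also worth rejecting `tlsConfig.MaxVersion != 0 && tlsConfig.MaxVersion < tlsConfig.MinVersion`, since that range leaves no version to negotiate and would otherwise only surface as handshake failures. main's body starts before and continues past this hunk.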
|
||||
|
|
|
@ -14,6 +14,9 @@ settings:
|
|||
# Enable TLS here here
|
||||
tls:
|
||||
enabled: true
|
||||
# Minimum and maximum requires TLS version. By default TLS1.2 is the minimum
|
||||
minversion: '1.2'
|
||||
maxversion: ''
|
||||
keyfile: 'weblug.key'
|
||||
certificates:
|
||||
- weblug1.pem
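Review bot: The comment above `minversion` does not say which values are accepted or what an empty `maxversion` means. Something like `# Minimum and maximum required TLS version ('1.0', '1.1', '1.2' or '1.3'). An empty minversion defaults to TLS 1.2, an empty maxversion sets no upper limit.` would cover it and also fixes "requires". It is worth stating in the same comment that values below '1.2' weaken the default.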
|
||||
|
|