aljaz/aperture
1
1
Fork 0
mirror of https://github.com/lightninglabs/aperture.git synced 2026-02-02 08:04:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

aperture: relax TLS requirements

Browse Source 
In this commit, we modify our cipher suites and required TLS versions to
allow anything greater than TL 1.1. TLS 1.0 (sslv3) is broken so we
require versions that're safely above that. Without this change, widely
used clients such as `openssl` will fail to connect out to an Aperture
proxy.
This commit is contained in:
Olaoluwa Osuntokun
2020-08-21 19:42:04 -07:00
parent 6c57ebe08f
commit d6438114d4
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
aperture.go
View File

@@ -63,6 +63,7 @@ var (
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
}
)
@@ -323,7 +324,7 @@ func getTLSConfig(serverName string, autoCert bool) (*tls.Config, error) {
return &tls.Config{
GetCertificate: manager.GetCertificate,
CipherSuites: http2TLSCipherSuites,
MinVersion: tls.VersionTLS12,
MinVersion: tls.VersionTLS10,
}, nil
}
@@ -399,7 +400,7 @@ func getTLSConfig(serverName string, autoCert bool) (*tls.Config, error) {
return &tls.Config{
Certificates: []tls.Certificate{certData},
CipherSuites: http2TLSCipherSuites,
MinVersion: tls.VersionTLS12,
MinVersion: tls.VersionTLS10,
}, nil
}