Home Explore
Register Sign In
Endevir
/
git-server
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Use very strong ciphers (#4116)

* Use very strong ciphers

* Remove TLS_RSA_WITH_AES_256_GCM_SHA384 to be compatible with Go 1.5
Aaron Wood 8 years ago
parent
2d38b75400
commit
68ead67a63
1 changed files with 11 additions and 1 deletions
Split View Show Diff Stats
  1. 11 1
      cmd/web.go

+ 11 - 1
cmd/web.go
View File 

@@ -663,7 +663,17 @@ func runWeb(ctx *cli.Context) error {
 
 	case setting.SCHEME_HTTP:
 
 		err = http.ListenAndServe(listenAddr, m)
 
 	case setting.SCHEME_HTTPS:
 
-		server := &http.Server{Addr: listenAddr, TLSConfig: &tls.Config{MinVersion: tls.VersionTLS10}, Handler: m}
 
+		server := &http.Server{Addr: listenAddr, TLSConfig: &tls.Config{
 
+			MinVersion:               tls.VersionTLS10,
 
+			CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 
+			PreferServerCipherSuites: true,
 
+			CipherSuites: []uint16{
 
+				tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 
+				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // Required for HTTP/2 support.
 
+				tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 
+				tls.TLS_RSA_WITH_AES_256_CBC_SHA,
 
+			},
 
+		}, Handler: m}
 
 		err = server.ListenAndServeTLS(setting.CertFile, setting.KeyFile)
 
 	case setting.SCHEME_FCGI:
 
 		err = fcgi.Serve(nil, m)