mirror of
https://github.com/minio/minio.git
synced 2024-12-25 06:35:56 -05:00
add go1.18 specific curve preferences (#15132)
This commit is contained in:
parent
e2e5bd6f19
commit
10522438b7
@ -134,13 +134,14 @@ func TLSCiphersBackwardCompatible() []uint16 {
|
|||||||
// TLSCurveIDs returns a list of supported elliptic curve IDs
|
// TLSCurveIDs returns a list of supported elliptic curve IDs
|
||||||
// in preference order.
|
// in preference order.
|
||||||
func TLSCurveIDs() []tls.CurveID {
|
func TLSCurveIDs() []tls.CurveID {
|
||||||
// TODO(aead): Once MinIO switches to Go 1.18
|
curves := []tls.CurveID{tls.CurveP256}
|
||||||
// enable CurveP384 and CurveP512.
|
if go18 {
|
||||||
//
|
// With go1.18 enable P384, P521 newer constant time implementations.
|
||||||
// See: https://go.dev/doc/go1.18 Changes to crypto/elliptic
|
curves = append(curves, []tls.CurveID{tls.CurveP384, tls.CurveP521}...)
|
||||||
|
|
||||||
if Enabled {
|
|
||||||
return []tls.CurveID{tls.CurveP256}
|
|
||||||
}
|
}
|
||||||
return []tls.CurveID{tls.X25519, tls.CurveP256}
|
if !Enabled {
|
||||||
|
// No-FIPS we enable x25519 as well.
|
||||||
|
curves = append(curves, tls.X25519)
|
||||||
|
}
|
||||||
|
return curves
|
||||||
}
|
}
|
||||||
|
23
internal/fips/go1.18.go
Normal file
23
internal/fips/go1.18.go
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
// Copyright (c) 2015-2022 MinIO, Inc.
|
||||||
|
//
|
||||||
|
// This file is part of MinIO Object Storage stack
|
||||||
|
//
|
||||||
|
// This program is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU Affero General Public License as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// This program is distributed in the hope that it will be useful
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU Affero General Public License for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU Affero General Public License
|
||||||
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
//go:build go1.18
|
||||||
|
// +build go1.18
|
||||||
|
|
||||||
|
package fips
|
||||||
|
|
||||||
|
const go18 = true
|
23
internal/fips/no_go18.go
Normal file
23
internal/fips/no_go18.go
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
// Copyright (c) 2015-2022 MinIO, Inc.
|
||||||
|
//
|
||||||
|
// This file is part of MinIO Object Storage stack
|
||||||
|
//
|
||||||
|
// This program is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU Affero General Public License as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// This program is distributed in the hope that it will be useful
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU Affero General Public License for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU Affero General Public License
|
||||||
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
//go:build !go1.18
|
||||||
|
// +build !go1.18
|
||||||
|
|
||||||
|
package fips
|
||||||
|
|
||||||
|
const go18 = false
|
Loading…
Reference in New Issue
Block a user