mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
tls: Avoid 3DES cipher (#13459)
3DES is enabled by default in Golang, this commit will use tls.CipherSuites() which returns all ciphers excluding those with security issues, such as 3DES.
This commit is contained in:
parent
44e4bdc6f4
commit
d7b7040408
@ -179,8 +179,14 @@ func NewServer(addrs []string, handler http.Handler, getCert certs.GetCertificat
|
||||
}
|
||||
|
||||
if secureCiphers || fips.Enabled {
|
||||
// Hardened ciphers
|
||||
tlsConfig.CipherSuites = fips.CipherSuitesTLS()
|
||||
tlsConfig.CurvePreferences = fips.EllipticCurvesTLS()
|
||||
} else {
|
||||
// Default ciphers while excluding those with security issues
|
||||
for _, cipher := range tls.CipherSuites() {
|
||||
tlsConfig.CipherSuites = append(tlsConfig.CipherSuites, cipher.ID)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user