tls: Avoid 3DES cipher (#13459)

3DES is enabled by default in Golang, this commit will use
tls.CipherSuites() which returns all ciphers excluding those with
security issues, such as 3DES.
This commit is contained in:
Anis Elleuch 2021-10-18 16:39:15 +01:00 committed by GitHub
parent 44e4bdc6f4
commit d7b7040408
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -179,8 +179,14 @@ func NewServer(addrs []string, handler http.Handler, getCert certs.GetCertificat
}
if secureCiphers || fips.Enabled {
// Hardened ciphers
tlsConfig.CipherSuites = fips.CipherSuitesTLS()
tlsConfig.CurvePreferences = fips.EllipticCurvesTLS()
} else {
// Default ciphers while excluding those with security issues
for _, cipher := range tls.CipherSuites() {
tlsConfig.CipherSuites = append(tlsConfig.CipherSuites, cipher.ID)
}
}
}