more restrictive tls ciphers

2014-12-14 19:37:42 -06:00
parent 304893313a
commit 481a472f8b
4 changed files with 28 additions and 7 deletions
--- a/reseed/server.go
+++ b/reseed/server.go
@@ -27,6 +27,21 @@ func NewServer(prefix string, trustProxy bool) *Server {
 	config := &tls.Config{
 		MinVersion:               tls.VersionTLS10,
 		PreferServerCipherSuites: true,
+
+		CipherSuites: []uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+			tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+			tls.TLS_FALLBACK_SCSV,
+		},
 	}
 	h := &http.Server{TLSConfig: config}
 	server := Server{h, nil}