prefer server ciphers
@@ -21,10 +21,22 @@ func NewReseedCommand() cli.Command {
|
|||||||
Name: "signer",
|
Name: "signer",
|
||||||
Usage: "Your su3 signing ID (ex. something@mail.i2p)",
|
Usage: "Your su3 signing ID (ex. something@mail.i2p)",
|
||||||
},
|
},
|
||||||
|
cli.StringFlag{
|
||||||
|
Name: "key",
|
||||||
|
Usage: "Path to your su3 signing private key",
|
||||||
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "netdb",
|
Name: "netdb",
|
||||||
Usage: "Path to NetDB directory containing routerInfos",
|
Usage: "Path to NetDB directory containing routerInfos",
|
||||||
},
|
},
|
||||||
|
cli.StringFlag{
|
||||||
|
Name: "tlsCert",
|
||||||
|
Usage: "Path to a TLS certificate",
|
||||||
|
},
|
||||||
|
cli.StringFlag{
|
||||||
|
Name: "tlsKey",
|
||||||
|
Usage: "Path to a TLS private key",
|
||||||
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "ip",
|
Name: "ip",
|
||||||
Value: "0.0.0.0",
|
Value: "0.0.0.0",
|
||||||
@@ -35,19 +47,6 @@ func NewReseedCommand() cli.Command {
|
|||||||
Value: "8080",
|
Value: "8080",
|
||||||
Usage: "Port to listen on",
|
Usage: "Port to listen on",
|
||||||
},
|
},
|
||||||
cli.StringFlag{
|
|
||||||
Name: "tlsCert",
|
|
||||||
Usage: "Path to TLS certificate",
|
|
||||||
},
|
|
||||||
cli.StringFlag{
|
|
||||||
Name: "tlsKey",
|
|
||||||
Usage: "Path to TLS private key",
|
|
||||||
},
|
|
||||||
cli.StringFlag{
|
|
||||||
Name: "keyFile",
|
|
||||||
Value: "reseed_private.pem",
|
|
||||||
Usage: "Path to your su3 signing private key",
|
|
||||||
},
|
|
||||||
cli.IntFlag{
|
cli.IntFlag{
|
||||||
Name: "numRi",
|
Name: "numRi",
|
||||||
Value: 75,
|
Value: 75,
|
||||||
@@ -55,7 +54,8 @@ func NewReseedCommand() cli.Command {
|
|||||||
},
|
},
|
||||||
cli.IntFlag{
|
cli.IntFlag{
|
||||||
Name: "numSu3",
|
Name: "numSu3",
|
||||||
Usage: "Number of su3 files to build",
|
Value: 0,
|
||||||
|
Usage: "Number of su3 files to build (0 = automatic based on size of netdb)",
|
||||||
},
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "interval",
|
Name: "interval",
|
||||||
@@ -64,6 +64,7 @@ func NewReseedCommand() cli.Command {
|
|||||||
},
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "prefix",
|
Name: "prefix",
|
||||||
|
Value: "",
|
||||||
Usage: "Prefix path for the HTTP(S) server. (ex. /netdb)",
|
Usage: "Prefix path for the HTTP(S) server. (ex. /netdb)",
|
||||||
},
|
},
|
||||||
cli.BoolFlag{
|
cli.BoolFlag{
|
||||||
@@ -88,18 +89,30 @@ func reseedAction(c *cli.Context) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// @todo: prompt to generate a new key
|
||||||
|
signerKey := c.String("key")
|
||||||
|
if signerKey == "" {
|
||||||
|
fmt.Println("--key is required")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
reloadIntvl, err := time.ParseDuration(c.String("interval"))
|
reloadIntvl, err := time.ParseDuration(c.String("interval"))
|
||||||
if nil != err {
|
if nil != err {
|
||||||
log.Fatalf("'%s' is not a valid time interval.\n", reloadIntvl)
|
fmt.Printf("'%s' is not a valid time interval.\n", reloadIntvl)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// @todo: prompt to generate a new key
|
||||||
|
tlsKey := c.String("tlsKey")
|
||||||
|
tlsCert := c.String("tlsCert")
|
||||||
|
|
||||||
// use all cores
|
// use all cores
|
||||||
cpus := runtime.NumCPU()
|
cpus := runtime.NumCPU()
|
||||||
runtime.GOMAXPROCS(cpus)
|
runtime.GOMAXPROCS(cpus)
|
||||||
log.Printf("Using %d CPU cores.\n", cpus)
|
log.Printf("Using %d CPU cores.\n", cpus)
|
||||||
|
|
||||||
// load our signing privKey
|
// load our signing privKey
|
||||||
privKey, err := loadPrivateKey(c.String("keyfile"))
|
privKey, err := loadPrivateKey(signerKey)
|
||||||
if nil != err {
|
if nil != err {
|
||||||
log.Fatalln(err)
|
log.Fatalln(err)
|
||||||
}
|
}
|
||||||
@@ -121,13 +134,11 @@ func reseedAction(c *cli.Context) {
|
|||||||
server.Reseeder = reseeder
|
server.Reseeder = reseeder
|
||||||
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
|
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
|
||||||
|
|
||||||
// @todo check if tls cert exists, prompt to generate a new one if not
|
if tlsCert != "" && tlsKey != "" {
|
||||||
|
log.Printf("HTTPS server started on %s\n", server.Addr)
|
||||||
log.Printf("Server listening on %s\n", server.Addr)
|
log.Fatalln(server.ListenAndServeTLS(tlsCert, tlsKey))
|
||||||
|
|
||||||
if c.String("tlsCert") != "" && c.String("tlsKey") != "" {
|
|
||||||
log.Fatalln(server.ListenAndServeTLS(c.String("tlscert"), c.String("tlskey")))
|
|
||||||
} else {
|
} else {
|
||||||
|
log.Printf("HTTP server started on %s\n", server.Addr)
|
||||||
log.Fatalln(server.ListenAndServe())
|
log.Fatalln(server.ListenAndServe())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
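Review bot: The `if tlsCert != "" && tlsKey != ""` branch in the reseedAction hunk falls back to plain HTTP silently when only one of the two flags is supplied, so a mistyped `--tlsKey` turns an intended HTTPS reseed server into a plaintext one without any warning; rejecting the half-configured case next to the new `--key is required` check, e.g. `if (tlsCert == "") != (tlsKey == "") { fmt.Println("--tlsCert and --tlsKey must be given together"); return }`, makes serving over HTTP an explicit choice. In the same hunk, `fmt.Printf("'%s' is not a valid time interval.\n", reloadIntvl)` formats the zero `time.Duration` that `ParseDuration` returns on failure rather than the offending input, so the message always reads `'0s'`; pass `c.String("interval")` as the argument instead. The `// @todo: prompt to generate a new key` comment is now duplicated immediately before `tlsKey := c.String("tlsKey")`, where a TLS key path is merely read, and the second copy looks like a stray paste. reseedAction starts and ends outside the hunk.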
6
main.go
6
main.go
@@ -15,10 +15,10 @@ func main() {
|
|||||||
app.Flags = []cli.Flag{}
|
app.Flags = []cli.Flag{}
|
||||||
app.Commands = []cli.Command{
|
app.Commands = []cli.Command{
|
||||||
cmd.NewReseedCommand(),
|
cmd.NewReseedCommand(),
|
||||||
cmd.NewSu3VerifyCommand(),
|
// cmd.NewSu3VerifyCommand(),
|
||||||
cmd.NewKeygenCommand(),
|
cmd.NewKeygenCommand(),
|
||||||
cmd.NewSu3Command(),
|
// cmd.NewSu3Command(),
|
||||||
cmd.NewSu3VerifyPublicCommand(),
|
// cmd.NewSu3VerifyPublicCommand(),
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := app.Run(os.Args); err != nil {
|
if err := app.Run(os.Args); err != nil {
|
||||||
|
|||||||
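Review bot: The three `// cmd.NewSu3VerifyCommand(),`-style entries leave commented-out code inside the `app.Commands` literal instead of removing the subcommands, and neither the commit title ("prefer server ciphers") nor a comment says why they are disabled. If they are being withdrawn, delete the lines (history keeps them); if they are only temporarily off, one comment above the literal such as `// su3 sub-commands disabled: <reason>` tells the next reader what state they are in. main's body continues outside the hunk.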
@@ -24,7 +24,10 @@ type Server struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func NewServer(prefix string, trustProxy bool) *Server {
|
func NewServer(prefix string, trustProxy bool) *Server {
|
||||||
config := &tls.Config{MinVersion: tls.VersionTLS10}
|
config := &tls.Config{
|
||||||
|
MinVersion: tls.VersionTLS10,
|
||||||
|
PreferServerCipherSuites: true,
|
||||||
|
}
|
||||||
h := &http.Server{TLSConfig: config}
|
h := &http.Server{TLSConfig: config}
|
||||||
server := Server{h, nil}
|
server := Server{h, nil}
|
||||||
|
|
||||||
|
|||||||
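Review bot: `PreferServerCipherSuites: true` without an accompanying `CipherSuites` list only makes the server's default ordering beat the client's, so the cipher preference the commit title promises is not actually pinned down; an explicit `CipherSuites: []uint16{...}` beside it, listing ECDHE/AEAD suites first (e.g. `tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`), is what makes the setting meaningful, and note that Go 1.17 and later ignore the `PreferServerCipherSuites` field entirely. `MinVersion: tls.VersionTLS10` is carried over into the reworked literal unchanged; since the config is being touched anyway, this is the place to decide whether TLS 1.0 is still needed by the reseed clients and to record that in a comment, e.g. `// TLS 1.0 kept for <client requirement> — revisit`. The exported constructor also lacks a doc comment; `// NewServer returns a Server whose TLS config enforces the minimum version and the server's cipher order.` would cover it. NewServer continues past the end of the hunk.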