package config
import "crypto/tls"
// TLSConfigFor builds a hardened *tls.Config for the given Config.
//
// The settings follow
// https://blog.cloudflare.com/exposing-go-on-the-internet/ : the minimum
// protocol version is TLS 1.3, key exchange is limited to X25519 and P-521,
// and the single certificate returned by conf.Certificate() is presented.
//
// NOTE(review): crypto/tls does not make TLS 1.3 cipher suites configurable;
// the CipherSuites list applies to TLS 1.2 and below, so with MinVersion set
// to TLS 1.3 it is not consulted unless a caller later lowers MinVersion.
// PreferServerCipherSuites is a legacy field that recent Go releases ignore.
// Both are kept so the returned value is unchanged.
//
// NOTE(review): peers that offer neither X25519 nor P-521 cannot complete a
// handshake with this config; confirm that is intended for all clients.
func TLSConfigFor(conf Config) *tls.Config {
	// Key-exchange groups, most preferred first.
	// Reference given by the original author: https://safecurves.cr.yp.to/
	// NOTE(review): that reference covers Curve25519; confirm P-521 (a NIST
	// curve) is meant to be accepted under the same rationale.
	curves := []tls.CurveID{
		tls.X25519,
		tls.CurveP521,
	}

	// ECDHE key exchange with AEAD ciphers only (AES-GCM, ChaCha20-Poly1305).
	suites := []uint16{
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	}

	cfg := new(tls.Config)
	cfg.PreferServerCipherSuites = true
	cfg.CurvePreferences = curves
	cfg.MinVersion = tls.VersionTLS13
	cfg.CipherSuites = suites
	// presumably conf.Certificate() returns an already-loaded key pair; any
	// load failure is not visible at this call site — verify against Config.
	cfg.Certificates = []tls.Certificate{conf.Certificate()}
	return cfg
}