tls: allow to configure all supported TLS versions and ciphers

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Nicola Murino 2024-10-23 19:50:37 +02:00
parent 8d697bcc94
commit c69fbe6bf9
GPG key ID: 935D2952DEC4EECF


@ -646,6 +646,11 @@ func GetTLSCiphersFromNames(cipherNames []string) []uint16 {
ciphers = append(ciphers, c.ID) ciphers = append(ciphers, c.ID)
} }
} }
for _, c := range tls.InsecureCipherSuites() {
if c.Name == strings.TrimSpace(name) {
ciphers = append(ciphers, c.ID)
}
}
} }
if len(ciphers) == 0 { if len(ciphers) == 0 {
@ -807,7 +812,9 @@ func GetRedactedURL(rawurl string) string {
return u.Redacted() return u.Redacted()
} }
// GetTLSVersion returns the TLS version for integer: // GetTLSVersion returns the TLS version from an integer value:
// - 10 means TLS 1.0
// - 11 means TLS 1.1
// - 12 means TLS 1.2 // - 12 means TLS 1.2
// - 13 means TLS 1.3 // - 13 means TLS 1.3
// default is TLS 1.2 // default is TLS 1.2
@ -815,6 +822,10 @@ func GetTLSVersion(val int) uint16 {
switch val { switch val {
case 13: case 13:
return tls.VersionTLS13 return tls.VersionTLS13
case 11:
return tls.VersionTLS11
case 10:
return tls.VersionTLS10
default: default:
return tls.VersionTLS12 return tls.VersionTLS12
} }
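Review bot: The new loop over `tls.InsecureCipherSuites()` in GetTLSCiphersFromNames accepts a weak suite exactly like a secure one, so nothing in the returned slice (or, as far as these hunks show, in the logs) tells an operator that a suite with known weaknesses has been enabled. I would at least document it on the function, e.g. `// Names listed in tls.InsecureCipherSuites() are accepted too; enable them only for legacy clients that cannot negotiate anything stronger.`, and have the caller log a warning when such a name is matched. The same applies to the new `case 11:` and `case 10:` in GetTLSVersion: TLS 1.0 and 1.1 are deprecated by RFC 8996, which the doc comment could state next to `// - 10 means TLS 1.0`. As a small style point, `strings.TrimSpace(name)` is recomputed for every suite in both loops and could be hoisted into a local once per name. GetTLSCiphersFromNames starts and continues outside the hunk shown.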