From 63212bb03354cd4c341305464a60cc8aad041682 Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Mon, 7 Aug 2023 19:11:48 +0200 Subject: [PATCH] remove the legacy PreferServerCipherSuites configuration Signed-off-by: Nicola Murino --- internal/ftpd/server.go | 7 +++---- internal/httpd/server.go | 9 ++++----- internal/telemetry/telemetry.go | 9 ++++----- internal/webdavd/server.go | 9 ++++----- 4 files changed, 15 insertions(+), 19 deletions(-) diff --git a/internal/ftpd/server.go b/internal/ftpd/server.go index eeac46a3..317a4741 100644 --- a/internal/ftpd/server.go +++ b/internal/ftpd/server.go @@ -302,10 +302,9 @@ func (s *Server) buildTLSConfig() { certID = s.binding.GetAddress() } s.tlsConfig = &tls.Config{ - GetCertificate: certMgr.GetCertificateFunc(certID), - MinVersion: util.GetTLSVersion(s.binding.MinTLSVersion), - CipherSuites: s.binding.ciphers, - PreferServerCipherSuites: true, + GetCertificate: certMgr.GetCertificateFunc(certID), + MinVersion: util.GetTLSVersion(s.binding.MinTLSVersion), + CipherSuites: s.binding.ciphers, } logger.Debug(logSender, "", "configured TLS cipher suites for binding %q: %v, certID: %v", s.binding.GetAddress(), s.binding.ciphers, certID) diff --git a/internal/httpd/server.go b/internal/httpd/server.go index 20712840..b3889179 100644 --- a/internal/httpd/server.go +++ b/internal/httpd/server.go @@ -108,11 +108,10 @@ func (s *httpdServer) listenAndServe() error { certID = s.binding.GetAddress() } config := &tls.Config{ - GetCertificate: certMgr.GetCertificateFunc(certID), - MinVersion: util.GetTLSVersion(s.binding.MinTLSVersion), - NextProtos: []string{"http/1.1", "h2"}, - CipherSuites: util.GetTLSCiphersFromNames(s.binding.TLSCipherSuites), - PreferServerCipherSuites: true, + GetCertificate: certMgr.GetCertificateFunc(certID), + MinVersion: util.GetTLSVersion(s.binding.MinTLSVersion), + NextProtos: []string{"http/1.1", "h2"}, + CipherSuites: util.GetTLSCiphersFromNames(s.binding.TLSCipherSuites), } httpServer.TLSConfig = config logger.Debug(logSender, "", "configured TLS cipher suites for binding %q: %v, certID: %v", diff --git a/internal/telemetry/telemetry.go b/internal/telemetry/telemetry.go index 554c3333..dfeec713 100644 --- a/internal/telemetry/telemetry.go +++ b/internal/telemetry/telemetry.go @@ -126,11 +126,10 @@ func (c Conf) Initialize(configDir string) error { return err } config := &tls.Config{ - GetCertificate: certMgr.GetCertificateFunc(common.DefaultTLSKeyPaidID), - MinVersion: util.GetTLSVersion(c.MinTLSVersion), - NextProtos: []string{"http/1.1", "h2"}, - CipherSuites: util.GetTLSCiphersFromNames(c.TLSCipherSuites), - PreferServerCipherSuites: true, + GetCertificate: certMgr.GetCertificateFunc(common.DefaultTLSKeyPaidID), + MinVersion: util.GetTLSVersion(c.MinTLSVersion), + NextProtos: []string{"http/1.1", "h2"}, + CipherSuites: util.GetTLSCiphersFromNames(c.TLSCipherSuites), } logger.Debug(logSender, "", "configured TLS cipher suites: %v", config.CipherSuites) httpServer.TLSConfig = config diff --git a/internal/webdavd/server.go b/internal/webdavd/server.go index 4d75c950..6cde1200 100644 --- a/internal/webdavd/server.go +++ b/internal/webdavd/server.go @@ -80,11 +80,10 @@ func (s *webDavServer) listenAndServe(compressor *middleware.Compressor) error { certID = s.binding.GetAddress() } httpServer.TLSConfig = &tls.Config{ - GetCertificate: certMgr.GetCertificateFunc(certID), - MinVersion: util.GetTLSVersion(s.binding.MinTLSVersion), - NextProtos: []string{"http/1.1", "h2"}, - CipherSuites: util.GetTLSCiphersFromNames(s.binding.TLSCipherSuites), - PreferServerCipherSuites: true, + GetCertificate: certMgr.GetCertificateFunc(certID), + MinVersion: util.GetTLSVersion(s.binding.MinTLSVersion), + NextProtos: []string{"http/1.1", "h2"}, + CipherSuites: util.GetTLSCiphersFromNames(s.binding.TLSCipherSuites), } logger.Debug(logSender, "", "configured TLS cipher suites for binding %q: %v, certID: %v", s.binding.GetAddress(), httpServer.TLSConfig.CipherSuites, certID)