github.com/blend/go-sdk@v1.20220411.3/webutil/secure_cipher_suites.go (about)

     1  /*
     2  
     3  Copyright (c) 2022 - Present. Blend Labs, Inc. All rights reserved
     4  Use of this source code is governed by a MIT license that can be found in the LICENSE file.
     5  
     6  */
     7  
     8  package webutil
     9  
    10  import "crypto/tls"
    11  
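// TLSSecureCipherSuites hardens tlsConfig in place: it raises MinVersion to at
// least TLS 1.2, replaces CipherSuites with the fixed list below, and sets
// PreferServerCipherSuites.
//
// tlsConfig must be non-nil; it is dereferenced without a check.
//
// A MinVersion that the caller already set above TLS 1.2 (for example
// tls.VersionTLS13) is left untouched, so this helper never lowers an existing
// protocol floor.
func TLSSecureCipherSuites(tlsConfig *tls.Config) {
	// Only raise the floor. An unconditional assignment would downgrade a
	// config that was already restricted to TLS 1.3.
	if tlsConfig.MinVersion < tls.VersionTLS12 {
		tlsConfig.MinVersion = tls.VersionTLS12
	}

	// CipherSuites applies to TLS 1.0-1.2 only; crypto/tls does not let the
	// TLS 1.3 suites be configured.
	tlsConfig.CipherSuites = []uint16{
		// Order matters here: DO NOT MOVE the first cipher lower, it is
		// required for HTTP/2 that this be the first cipher in the list.
		// https://github.com/golang/go/issues/20213
		// https://support.cloudflare.com/hc/en-us/articles/200933580-What-cipher-suites-does-CloudFlare-use-for-SSL-
		//
		// NOTE(review): since Go 1.17 crypto/tls ignores the order of this
		// list and picks the suite itself, so the ordering only has an effect
		// when built with an older toolchain.
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,

		// NOTE(review): the four suites below use static RSA key exchange,
		// which provides no forward secrecy, and the last two are CBC with
		// HMAC-SHA1. They are presumably retained for legacy clients; confirm
		// that requirement still holds, and drop them if every client can
		// negotiate an ECDHE AEAD suite.
		tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_RSA_WITH_AES_128_CBC_SHA,
		tls.TLS_RSA_WITH_AES_256_CBC_SHA,
	}

	// Deprecated and ignored by crypto/tls since Go 1.17; kept so that builds
	// with older toolchains still enforce the server's preference.
	tlsConfig.PreferServerCipherSuites = true
}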