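// Source: github.com/searKing/golang/go@v1.2.117/net/http/defaults.go

package http

import (
	"crypto/tls"
	"net/http"
	"time"
)

var (
	// DefaultCurvePreferences defines the recommended elliptic curves for modern TLS.
	//
	// Setting an explicit list replaces whatever key-exchange mechanisms the
	// running Go release would enable on its own when CurvePreferences is nil,
	// so review this list when upgrading Go.
	DefaultCurvePreferences = []tls.CurveID{
		tls.CurveP256,
		tls.X25519, // requires Go 1.8 or newer
	}

	// DefaultCipherSuites defines the recommended cipher suites for modern TLS.
	//
	// crypto/tls applies this list to TLS 1.0-1.2 only; TLS 1.3 cipher suites
	// are not configurable. Every entry is an ECDHE AEAD suite, so all of them
	// provide forward secrecy.
	DefaultCipherSuites = []uint16{
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

		// Best disabled, as they don't provide Forward Secrecy,
		// but might be necessary for some clients
		// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
		// tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
	}

	// DefaultMinVersion defines the recommended minimum version to use for the TLS protocol (1.2)
	DefaultMinVersion uint16 = tls.VersionTLS12

	// DefaultReadTimeout sets the maximum time a client has to fully stream a request (5s).
	// http.Server also uses ReadTimeout for the header read when ReadHeaderTimeout is zero,
	// so this bounds slow-header clients as well.
	DefaultReadTimeout = 5 * time.Second
	// DefaultWriteTimeout sets the maximum amount of time a handler has to fully process a request (10s)
	DefaultWriteTimeout = 10 * time.Second
	// DefaultIdleTimeout sets the maximum amount of time a Keep-Alive connection can remain idle before
	// being recycled (120s)
	DefaultIdleTimeout = 120 * time.Second
)

// ServerWithDefaults patches a http.Server based on a best practice configuration
// from Cloudflare: https://blog.cloudflare.com/exposing-go-on-the-internet/
//
// You can override the defaults by mutating the Default* variables exposed
// by this package before calling ServerWithDefaults.
//
// srv must be non-nil; it is modified in place and returned. A nil TLSConfig
// is replaced by a fresh one. The curve and cipher-suite lists on
// srv.TLSConfig are always replaced by copies of the package defaults.
// MinVersion is only ever raised to DefaultMinVersion, never lowered, so a
// caller that already requires a newer protocol version keeps it. Timeouts
// are filled in only where the caller left them at zero.
func ServerWithDefaults(srv *http.Server) *http.Server {
	if srv.TLSConfig == nil {
		srv.TLSConfig = &tls.Config{}
	}
	cfg := srv.TLSConfig

	// Ignored by crypto/tls since Go 1.17; kept so that older toolchains
	// still pick the suite by the server's preference order.
	cfg.PreferServerCipherSuites = true

	// Raise the floor only: unconditionally assigning the default would
	// silently downgrade a server configured for a stricter minimum
	// (for example TLS 1.3) back to DefaultMinVersion.
	if cfg.MinVersion < DefaultMinVersion {
		cfg.MinVersion = DefaultMinVersion
	}

	// Hand each server its own copy so that editing one server's lists cannot
	// change the package-level defaults (and through them every other server).
	// The [:0:0] form keeps a nil default nil, which crypto/tls treats as
	// "use the library's own list".
	cfg.CurvePreferences = append(DefaultCurvePreferences[:0:0], DefaultCurvePreferences...)
	cfg.CipherSuites = append(DefaultCipherSuites[:0:0], DefaultCipherSuites...)

	// A zero timeout means "no limit" to http.Server, which leaves the
	// listener open to slow-client resource exhaustion.
	if srv.ReadTimeout == 0 {
		srv.ReadTimeout = DefaultReadTimeout
	}

	if srv.WriteTimeout == 0 {
		srv.WriteTimeout = DefaultWriteTimeout
	}

	if srv.IdleTimeout == 0 {
		srv.IdleTimeout = DefaultIdleTimeout
	}

	return srv
}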