github.com/searKing/golang/go@v1.2.117/net/http/defaults.go (about)

     1  package http
     2  
     3  import (
     4  	"crypto/tls"
     5  	"net/http"
     6  	"time"
     7  )
     8  
// Package-level defaults applied by ServerWithDefaults. They are exported,
// mutable variables: changing one changes it for every later call in the
// process, so override them during start-up, before any server is built.
var (
	// DefaultCurvePreferences holds the elliptic curves recommended for the
	// key exchange of a modern TLS server.
	DefaultCurvePreferences = []tls.CurveID{
		tls.CurveP256,
		tls.X25519, // available since Go 1.8
	}

	// DefaultCipherSuites holds the cipher suites recommended for modern TLS.
	// Every entry is an ECDHE suite with an AEAD cipher, i.e. it provides
	// forward secrecy. crypto/tls applies Config.CipherSuites to TLS 1.0-1.2
	// only; the TLS 1.3 suites are not configurable through this list.
	DefaultCipherSuites = []uint16{
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

		// The static-RSA suites below are left out on purpose because they
		// offer no forward secrecy; re-enable them only if a legacy client
		// cannot negotiate anything else.
		// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
		// tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
	}

	// DefaultMinVersion is the lowest TLS protocol version the server should
	// accept (TLS 1.2).
	DefaultMinVersion uint16 = tls.VersionTLS12

	// DefaultReadTimeout bounds how long a client may take to send a complete
	// request (5s). It limits slow-sending clients holding connections open.
	DefaultReadTimeout time.Duration = 5 * time.Second

	// DefaultWriteTimeout bounds how long a handler may take to fully process
	// a request (10s). Handlers that stream for longer need a larger value.
	DefaultWriteTimeout time.Duration = 10 * time.Second

	// DefaultIdleTimeout bounds how long a Keep-Alive connection may sit idle
	// before it is recycled (120s).
	DefaultIdleTimeout time.Duration = 120 * time.Second
)
    42  
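// ServerWithDefaults patches a http.Server in place based on a best practice
// configuration from Cloudflare
// (https://blog.cloudflare.com/exposing-go-on-the-internet/) and returns it.
//
// TLS settings: CurvePreferences and CipherSuites are always replaced with
// copies of DefaultCurvePreferences and DefaultCipherSuites. MinVersion is
// raised to DefaultMinVersion when it is unset or lower; a stricter minimum
// already chosen by the caller (for example TLS 1.3) is kept rather than
// downgraded. Other fields of an existing TLSConfig are left untouched.
//
// Timeouts: ReadTimeout, WriteTimeout and IdleTimeout are only filled in when
// they are zero, so explicit caller values win.
//
// A nil srv yields a new *http.Server carrying the defaults.
//
// You can override the defaults by mutating the Default* variables exposed
// by this package before calling ServerWithDefaults.
func ServerWithDefaults(srv *http.Server) *http.Server {
	if srv == nil {
		// Nothing to patch: hand back a fresh server instead of panicking.
		srv = &http.Server{}
	}
	if srv.TLSConfig == nil {
		srv.TLSConfig = &tls.Config{}
	}
	cfg := srv.TLSConfig

	// NOTE(review): newer crypto/tls releases document this field as
	// deprecated and ignored; it is still set for older toolchains.
	cfg.PreferServerCipherSuites = true

	// Only ever raise the protocol floor. Overwriting unconditionally would
	// silently weaken a server that was configured with a higher minimum.
	if cfg.MinVersion < DefaultMinVersion {
		cfg.MinVersion = DefaultMinVersion
	}

	// Copy the lists so the server does not share a backing array with the
	// package-level defaults (or with other servers built from them). The
	// s[:0:0] form keeps a nil default nil, which crypto/tls treats as
	// "use the library's own list".
	cfg.CurvePreferences = append(DefaultCurvePreferences[:0:0], DefaultCurvePreferences...)
	cfg.CipherSuites = append(DefaultCipherSuites[:0:0], DefaultCipherSuites...)

	if srv.ReadTimeout == 0 {
		srv.ReadTimeout = DefaultReadTimeout
	}

	if srv.WriteTimeout == 0 {
		srv.WriteTimeout = DefaultWriteTimeout
	}

	if srv.IdleTimeout == 0 {
		srv.IdleTimeout = DefaultIdleTimeout
	}

	return srv
}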