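// Source: github.com/weaveworks/common@v0.0.0-20230728070032-dd9e68f319d5/server/tls_config.go

package server

import (
	"crypto/tls"
	"fmt"
	"strings"

	"github.com/prometheus/exporter-toolkit/web"
)

// allCiphers collects all cipher suite names and IDs recognized by Go,
// including insecure ones.
//
// The second loop adds tls.InsecureCipherSuites(), which crypto/tls documents
// as suites with known security issues. Including them means a configuration
// string can select a weak suite by name; nothing here rejects or flags it.
// NOTE(review): if weak suites should need an explicit opt-in, that check has
// to live in the caller, since this map does not record which entries are
// insecure.
func allCiphers() map[string]web.Cipher {
	secure := tls.CipherSuites()
	insecure := tls.InsecureCipherSuites()

	byName := make(map[string]web.Cipher, len(secure)+len(insecure))
	for _, cs := range secure {
		byName[cs.Name] = web.Cipher(cs.ID)
	}
	for _, cs := range insecure {
		byName[cs.Name] = web.Cipher(cs.ID)
	}
	return byName
}

// stringToCipherSuites parses a comma-separated list of Go cipher suite names
// (for example the Name field of the entries in tls.CipherSuites()) into their
// numeric IDs, in the order given.
//
// An empty string returns (nil, nil), leaving the selection to whatever
// default the consumer applies. Whitespace around each name is ignored, so
// "A, B" parses the same as "A,B". Any name that is not recognized, including
// an empty entry from a doubled or trailing comma, fails the whole parse and
// no partial list is returned.
//
// Names from tls.InsecureCipherSuites() are accepted; see allCiphers. Also
// note that crypto/tls does not allow the TLS 1.3 suites to be configured, so
// a list built here is presumably only effective for TLS 1.2 and below.
// Confirm how the consumer of the returned values applies them.
func stringToCipherSuites(s string) ([]web.Cipher, error) {
	if s == "" {
		return nil, nil
	}

	known := allCiphers()
	names := strings.Split(s, ",")
	suites := make([]web.Cipher, 0, len(names))
	for _, raw := range names {
		// Tolerate "A, B" style lists; an entry that is still unknown after
		// trimming is rejected rather than skipped.
		name := strings.TrimSpace(raw)
		id, ok := known[name]
		if !ok {
			return nil, fmt.Errorf("cipher suite %q not recognized", name)
		}
		suites = append(suites, id)
	}
	return suites, nil
}

// tlsVersions maps configuration names to crypto/tls version constants,
// using the same names that Kubernetes does.
//
// TLS 1.0 and 1.1 are deprecated (RFC 8996) but remain selectable here, so a
// minimum version below TLS 1.2 is accepted without complaint.
var tlsVersions = map[string]uint16{
	"VersionTLS10": tls.VersionTLS10,
	"VersionTLS11": tls.VersionTLS11,
	"VersionTLS12": tls.VersionTLS12,
	"VersionTLS13": tls.VersionTLS13,
}

// stringToTLSVersion converts one of the names in tlsVersions into a
// web.TLSVersion.
//
// An empty string returns the zero value with no error; presumably the
// consumer treats zero as "use the default" (TODO confirm against the
// caller). Any other name that is not a key of tlsVersions is an error, and
// matching is exact and case-sensitive.
func stringToTLSVersion(s string) (web.TLSVersion, error) {
	if s == "" {
		return 0, nil
	}
	version, ok := tlsVersions[s]
	if !ok {
		return 0, fmt.Errorf("TLS version %q not recognized", s)
	}
	return web.TLSVersion(version), nil
}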