github.hscsec.cn/aerogo/aero@v1.0.0/Security.go (about)

     1  package aero
     2  
     3  import "crypto/tls"
     4  
// ApplicationSecurity holds the two strings that identify the server's TLS
// certificate and private key. Load's original comment describes them as file
// paths. Nothing in this type reads, parses or validates the referenced
// material.
type ApplicationSecurity struct {
	// Key identifies the private key. If it is a file path, keep that file
	// readable only by the account that runs the server.
	Key string

	// Certificate identifies the certificate presented to clients.
	Certificate string
}

// Load records the certificate and key locations on the receiver.
//
// It only stores the two arguments: no file is opened, and an empty or wrong
// value is not detected here. Presumably any such error surfaces later, where
// the listener is started (TODO confirm against the caller).
func (security *ApplicationSecurity) Load(certificate, key string) {
	security.Certificate, security.Key = certificate, key
}
    16  
// createTLSConfig returns a new, hardened server-side TLS configuration:
// TLS 1.2 as the minimum protocol version, ECDHE key exchange only, and
// AEAD cipher suites only (AES-GCM and ChaCha20-Poly1305).
func createTLSConfig() *tls.Config {
	// NIST curves, largest first.
	// NOTE(review): X25519 is not listed, so key exchange is limited to these
	// three curves, and P-521/P-384 cost more per handshake than P-256.
	// Confirm that this selection and order are intended.
	curves := []tls.CurveID{
		tls.CurveP521,
		tls.CurveP384,
		tls.CurveP256,
	}

	// This list governs TLS 1.2 and below only; crypto/tls does not let the
	// TLS 1.3 suites be configured.
	suites := []uint16{
		// ECDSA is about 3 times faster than RSA on the server side.
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,

		// RSA is slower on the server side but still widely used.
		// NOTE(review): unlike the ECDSA group, no ChaCha20-Poly1305 suite is
		// offered for RSA certificates. Confirm that this is deliberate.
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	}

	config := new(tls.Config)
	config.MinVersion = tls.VersionTLS12

	// Legacy switch: newer Go releases document this field as deprecated and
	// ignore it, choosing the suite order themselves.
	config.PreferServerCipherSuites = true

	config.CurvePreferences = curves
	config.CipherSuites = suites
	return config
}