// Listing: github.hscsec.cn/aerogo/aero@v1.0.0/Security.go

package aero

import "crypto/tls"

// ApplicationSecurity holds the certificate and private-key values the
// application has been configured with.
type ApplicationSecurity struct {
	// Key is the private-key value passed to Load.
	Key string
	// Certificate is the certificate value passed to Load.
	Certificate string
}

// Load records the certificate and key on the receiver. Both arguments are
// expected to be file paths. Load only stores the strings: nothing is opened,
// parsed or checked here, so a missing file or a certificate/key mismatch is
// not detected by this method.
//
// NOTE(review): presumably these paths are handed to the TLS listener later;
// confirm against the caller. The key file itself should be readable only by
// the account the server runs as.
func (s *ApplicationSecurity) Load(certificate string, key string) {
	s.Key, s.Certificate = key, certificate
}

// createTLSConfig returns a new server-side TLS configuration with a
// restricted protocol version, curve list and cipher-suite list.
//
// What the settings do:
//   - MinVersion rejects anything older than TLS 1.2.
//   - CipherSuites lists only ECDHE key exchange with AEAD ciphers
//     (AES-GCM, ChaCha20-Poly1305). In crypto/tls this list governs
//     TLS 1.2 and below; TLS 1.3 suites are not configurable through it.
//   - ChaCha20-Poly1305 is listed only in its ECDSA form, so a server using
//     an RSA certificate offers AES-GCM only on TLS 1.2.
//   - CurvePreferences limits key exchange to the NIST P-curves. X25519 is
//     not in the list, so a peer that offers only X25519 cannot negotiate.
//   - PreferServerCipherSuites is a legacy field that current Go releases
//     ignore; it only has an effect when built with an older toolchain.
func createTLSConfig() *tls.Config {
	curves := []tls.CurveID{
		tls.CurveP521,
		tls.CurveP384,
		tls.CurveP256,
	}

	suites := []uint16{
		// ECDSA suites come first: ECDSA is about 3 times faster than RSA
		// on the server side.
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,

		// RSA suites follow: slower on the server side but still widely used.
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	}

	cfg := new(tls.Config)
	cfg.MinVersion = tls.VersionTLS12
	cfg.PreferServerCipherSuites = true
	cfg.CurvePreferences = curves
	cfg.CipherSuites = suites
	return cfg
}