// Listing of gopkg.in/alecthomas/gometalinter.v3@v3.0.0/_linters/src/github.com/securego/gosec/rules/tls_config.go

package rules

import (
	"go/ast"

	"github.com/securego/gosec"
)

// The three constructors in this file differ only in the protocol-version
// bounds and the cipher-suite list they hand to insecureConfigTLS. The hex
// bounds are TLS wire version numbers and match the crypto/tls constants:
// 0x0300 = SSL 3.0, 0x0301 = TLS 1.0, 0x0303 = TLS 1.2. TLS 1.3 (0x0304) does
// not appear in any profile here.
//
// NOTE(review): insecureConfigTLS is defined outside this file, so how it
// applies MinVersion, MaxVersion and goodCiphers to a crypto/tls.Config
// literal (for example, whether a MaxVersion above 0x0303 is accepted) cannot
// be confirmed from this listing.

// NewModernTLSCheck creates a check for Modern TLS ciphers.
// DO NOT EDIT - generated by tlsconfig tool; regenerate instead of hand-editing.
//
// Both version bounds are 0x0303 (TLS 1.2). Every listed suite uses ECDHE key
// exchange; the list holds AEAD suites (AES-GCM, ChaCha20-Poly1305) followed
// by CBC suites with SHA-256/SHA-384 MACs. conf is not read by this
// constructor.
func NewModernTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
	// Order is kept exactly as emitted by the generator.
	modernSuites := []string{
		"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
		"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
		"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
		"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
	}

	rule := &insecureConfigTLS{
		MetaData:     gosec.MetaData{ID: id},
		requiredType: "crypto/tls.Config",
		MinVersion:   0x0303, // TLS 1.2
		MaxVersion:   0x0303, // TLS 1.2
		goodCiphers:  modernSuites,
	}

	// The typed-nil *ast.CompositeLit is returned with the rule; presumably it
	// tells the analyzer which AST node kind to route to it (verify in gosec).
	return rule, []ast.Node{(*ast.CompositeLit)(nil)}
}

// NewIntermediateTLSCheck creates a check for Intermediate TLS ciphers.
// DO NOT EDIT - generated by tlsconfig tool; regenerate instead of hand-editing.
//
// The version floor is 0x0301 (TLS 1.0) and the ceiling 0x0303 (TLS 1.2).
// Besides the ECDHE/DHE suites, the list contains 3DES suites and static-RSA
// key-exchange suites (TLS_RSA_*), which provide no forward secrecy. It is a
// compatibility baseline: a configuration that matches this profile is not
// thereby hardened. conf is not read by this constructor.
func NewIntermediateTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
	// Order is kept exactly as emitted by the generator.
	intermediateSuites := []string{
		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
		"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
		"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
		"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
		"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
		"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
		"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
		"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
		"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
		"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
		"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
		"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
		"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
		"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
		"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
		"TLS_RSA_WITH_AES_128_GCM_SHA256",
		"TLS_RSA_WITH_AES_256_GCM_SHA384",
		"TLS_RSA_WITH_AES_128_CBC_SHA256",
		"TLS_RSA_WITH_AES_256_CBC_SHA256",
		"TLS_RSA_WITH_AES_128_CBC_SHA",
		"TLS_RSA_WITH_AES_256_CBC_SHA",
		"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
	}

	rule := &insecureConfigTLS{
		MetaData:     gosec.MetaData{ID: id},
		requiredType: "crypto/tls.Config",
		MinVersion:   0x0301, // TLS 1.0
		MaxVersion:   0x0303, // TLS 1.2
		goodCiphers:  intermediateSuites,
	}

	// The typed-nil *ast.CompositeLit is returned with the rule; presumably it
	// tells the analyzer which AST node kind to route to it (verify in gosec).
	return rule, []ast.Node{(*ast.CompositeLit)(nil)}
}

// NewOldTLSCheck creates a check for Old TLS ciphers.
// DO NOT EDIT - generated by tlsconfig tool; regenerate instead of hand-editing.
//
// The version floor is 0x0300 (SSL 3.0) and the ceiling 0x0303 (TLS 1.2). The
// list is the widest of the three profiles and includes 3DES, SEED, Camellia
// CBC, DHE_DSS and static-RSA suites. It describes a legacy-compatibility
// baseline only; selecting this check means SSL 3.0 and these legacy suites
// sit inside the profile's bounds. conf is not read by this constructor.
func NewOldTLSCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
	// Order is kept exactly as emitted by the generator.
	oldSuites := []string{
		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
		"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
		"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
		"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
		"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
		"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
		"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
		"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
		"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
		"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
		"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
		"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
		"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
		"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
		"TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
		"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
		"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
		"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
		"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
		"TLS_RSA_WITH_AES_128_GCM_SHA256",
		"TLS_RSA_WITH_AES_256_GCM_SHA384",
		"TLS_RSA_WITH_AES_128_CBC_SHA256",
		"TLS_RSA_WITH_AES_256_CBC_SHA256",
		"TLS_RSA_WITH_AES_128_CBC_SHA",
		"TLS_RSA_WITH_AES_256_CBC_SHA",
		"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
		"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
		"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
		"TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
		"TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
		"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
		"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
		"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
		"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
		"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
		"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
		"TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
		"TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
		"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
		"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
		"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
		"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
		"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
		"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
		"TLS_DHE_RSA_WITH_SEED_CBC_SHA",
		"TLS_DHE_DSS_WITH_SEED_CBC_SHA",
		"TLS_RSA_WITH_SEED_CBC_SHA",
	}

	rule := &insecureConfigTLS{
		MetaData:     gosec.MetaData{ID: id},
		requiredType: "crypto/tls.Config",
		MinVersion:   0x0300, // SSL 3.0
		MaxVersion:   0x0303, // TLS 1.2
		goodCiphers:  oldSuites,
	}

	// The typed-nil *ast.CompositeLit is returned with the rule; presumably it
	// tells the analyzer which AST node kind to route to it (verify in gosec).
	return rule, []ast.Node{(*ast.CompositeLit)(nil)}
}