Ind.ie is now Small Technology Foundation.
Commit 24f9a2a2 authored by George MacRorie's avatar George MacRorie

Limited cipher suite set in tls.Config to one which supports both Golang and iOS

parent d2cd1f46
......@@ -357,7 +357,8 @@ func pulseMain() {
}
// The TLS configuration is used for both the listening socket and outgoing
// connections.
// connections. Includes a set of cipher suites supported by both Golang
// and iOS.
tlsCfg := &tls.Config{
Certificates: []tls.Certificate{cert},
......@@ -367,6 +368,14 @@ func pulseMain() {
SessionTicketsDisabled: true,
InsecureSkipVerify: true,
MinVersion: tls.VersionTLS12,
CipherSuites: []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
},
}
// If the read or write rate should be limited, set up a rate limiter for it.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment