How to set up TLS cipher for Go server?

Question

How to set up TLS cipher for Go server?

I am currently using the following listen and serve command to start a secure webserver / fileserver:

http.ListenAndServeTLS(":443", "site.crt","site.key", router)

However, I want to set the cipher to TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and also set the minimum SSL / TLS version.

How can i do this?

I think I need to somehow use this Config structure , but I'm not sure how.

+3

ssl go encryption

Empirejones 05 jul. 15 at 0:08

source to share

1 answer

VonC · Accepted Answer · 2015-07-05T04:46:14+0000

You can see an example in secrpc/tls_server.go

:

tls.Listen("tcp", addr, &tls.Config{
    Certificates: []tls.Certificate{cert},
    CipherSuites: []uint16{
        tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    },
    MinVersion:               tls.VersionTLS12,
    PreferServerCipherSuites: true,
})

See also go / issues / 11047 for an example using ListenAndServeTLS: once you've defined yours Config

, you define your server:

server := &http.Server{Addr: ":4000", Handler: nil, TLSConfig: config}
server.ListenAndServeTLS(tlsPublicKey, tlsPrivateKey)

How to set up TLS cipher for Go server?

More articles: