How to set up TLS cipher for Go server?
I am currently using the following listen and serve command to start a secure webserver / fileserver:
http.ListenAndServeTLS(":443", "site.crt","site.key", router)
However, I want to set the cipher to TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and also set the minimum SSL / TLS version.
How can i do this?
I think I need to somehow use this Config structure , but I'm not sure how.
+3
source to share
1 answer
You can see an example in secrpc/tls_server.go
:
tls.Listen("tcp", addr, &tls.Config{
Certificates: []tls.Certificate{cert},
CipherSuites: []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
},
MinVersion: tls.VersionTLS12,
PreferServerCipherSuites: true,
})
See also go / issues / 11047 for an example using ListenAndServeTLS: once you've defined yours Config
, you define your server:
server := &http.Server{Addr: ":4000", Handler: nil, TLSConfig: config}
server.ListenAndServeTLS(tlsPublicKey, tlsPrivateKey)
+6
source to share