habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4dee89db008d8b1d9552144a400e315aa1bee511
authentik/internal/utils/tls.go
authentik-db-cooper ab795e6642 internal: ignore insecure TLS certs (#5483) 
* servers: ignore insecure TLS certs

* slight refactor to have a single place for tls config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-05-05 15:57:52 +03:00

27 lines
632 B
Go
Raw Blame History

package utils
import "crypto/tls"
func GetTLSConfig() *tls.Config {
tlsConfig := &tls.Config{
MinVersion: tls.VersionTLS12,
MaxVersion: tls.VersionTLS12,
}
// Insecure SWEET32 attack ciphers, TLS config uses a fallback
insecureCiphersIds := []uint16{
tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
}
defaultSecureCiphers := []uint16{}
for _, cs := range tls.CipherSuites() {
for _, icsId := range insecureCiphersIds {
if cs.ID != icsId {
defaultSecureCiphers = append(defaultSecureCiphers, cs.ID)
}
}
}
tlsConfig.CipherSuites = defaultSecureCiphers
return tlsConfig
}
Reference in New Issue View Git Blame Copy Permalink