tls: Use IANA-standard cipher suite names
parent
dd6aa91d72
commit
28df6cedfe
3 changed files with 34 additions and 27 deletions
|
@ -86,7 +86,7 @@ func GetModules(scope string) []Module {
|
||||||
|
|
||||||
// handle the special case of an empty scope, which
|
// handle the special case of an empty scope, which
|
||||||
// should match only the top-level modules
|
// should match only the top-level modules
|
||||||
if len(scopeParts) == 1 && scopeParts[0] == "" {
|
if scope == "" {
|
||||||
scopeParts = []string{}
|
scopeParts = []string{}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -202,14 +202,5 @@ func onDemandAskRequest(ask string, name string) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// supportedCertKeyTypes is all the key types that are supported
|
|
||||||
// for certificates that are obtained through ACME.
|
|
||||||
var supportedCertKeyTypes = map[string]certcrypto.KeyType{
|
|
||||||
"RSA2048": certcrypto.RSA2048,
|
|
||||||
"RSA4096": certcrypto.RSA4096,
|
|
||||||
"P256": certcrypto.EC256,
|
|
||||||
"P384": certcrypto.EC384,
|
|
||||||
}
|
|
||||||
|
|
||||||
// Interface guard
|
// Interface guard
|
||||||
var _ managerMaker = (*ACMEManagerMaker)(nil)
|
var _ managerMaker = (*ACMEManagerMaker)(nil)
|
||||||
|
|
|
@ -18,28 +18,35 @@ import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
|
|
||||||
|
"github.com/go-acme/lego/certcrypto"
|
||||||
"github.com/klauspost/cpuid"
|
"github.com/klauspost/cpuid"
|
||||||
)
|
)
|
||||||
|
|
||||||
// supportedCipherSuites is the unordered map of cipher suite
|
// supportedCipherSuites is the unordered map of cipher suite
|
||||||
// string names to their definition in crypto/tls.
|
// string names to their definition in crypto/tls. All values
|
||||||
// TODO: might not be needed much longer, see:
|
// should be IANA-reserved names. See
|
||||||
// https://github.com/golang/go/issues/30325
|
// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
|
||||||
|
// TODO: might not be needed much longer: https://github.com/golang/go/issues/30325
|
||||||
var supportedCipherSuites = map[string]uint16{
|
var supportedCipherSuites = map[string]uint16{
|
||||||
"ECDHE_ECDSA_AES256_GCM_SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||||
"ECDHE_RSA_AES256_GCM_SHA384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
"ECDHE_ECDSA_AES128_GCM_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||||
"ECDHE_RSA_AES128_GCM_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
"ECDHE_ECDSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
||||||
"ECDHE_RSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
||||||
"ECDHE_RSA_AES256_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||||
"ECDHE_RSA_AES128_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||||
"ECDHE_ECDSA_AES256_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||||
"ECDHE_ECDSA_AES128_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||||
"RSA_AES256_CBC_SHA": tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||||
"RSA_AES128_CBC_SHA": tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||||
"ECDHE_RSA_3DES_EDE_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
"TLS_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
"RSA_3DES_EDE_CBC_SHA": tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
"TLS_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
|
"TLS_RSA_WITH_AES_256_CBC_SHA": tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||||
|
"TLS_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||||
|
"TLS_RSA_WITH_AES_128_CBC_SHA": tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||||
|
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
|
"TLS_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
}
|
}
|
||||||
|
|
||||||
// defaultCipherSuites is the ordered list of all the cipher
|
// defaultCipherSuites is the ordered list of all the cipher
|
||||||
|
@ -86,6 +93,15 @@ var supportedCurves = map[string]tls.CurveID{
|
||||||
"P521": tls.CurveP521,
|
"P521": tls.CurveP521,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// supportedCertKeyTypes is all the key types that are supported
|
||||||
|
// for certificates that are obtained through ACME.
|
||||||
|
var supportedCertKeyTypes = map[string]certcrypto.KeyType{
|
||||||
|
"RSA2048": certcrypto.RSA2048,
|
||||||
|
"RSA4096": certcrypto.RSA4096,
|
||||||
|
"P256": certcrypto.EC256,
|
||||||
|
"P384": certcrypto.EC384,
|
||||||
|
}
|
||||||
|
|
||||||
// defaultCurves is the list of only the curves we want to use
|
// defaultCurves is the list of only the curves we want to use
|
||||||
// by default, in descending order of preference.
|
// by default, in descending order of preference.
|
||||||
//
|
//
|
||||||
|
|
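Review bot: The keys of `supportedCipherSuites` are renamed in place with no alias for the old spellings, so a config that still lists e.g. `ECDHE_ECDSA_AES256_GCM_SHA384` no longer matches any entry. The lookup code is outside this hunk; if it skips unknown names instead of returning an error, an operator's restricted suite list could silently fall back to the defaults, so it is worth confirming that provisioning fails closed and names the unrecognised suite. The map also gains three `*_CBC_SHA256` entries and two more static-RSA GCM entries, and keeps both 3DES suites. A line on the map such as `// Presence here means selectable, not recommended; CBC, static-RSA and 3DES suites are kept for compatibility only.` would stop readers treating it as a list of safe choices.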