mirror of
https://github.com/ergochat/ergo.git
synced 2024-12-22 10:42:52 +01:00
parent
eb2dfa78c9
commit
1a5d079670
@ -58,6 +58,8 @@ server:
|
||||
# always send a PROXY protocol header ahead of the connection. See the
|
||||
# manual ("Reverse proxies") for more details.
|
||||
proxy: false
|
||||
# set the minimum TLS version:
|
||||
min-tls-version: 1.2
|
||||
|
||||
# Example of a Unix domain socket for proxying:
|
||||
# "/tmp/oragono_sock":
|
||||
|
@ -59,6 +59,7 @@ type listenerConfigBlock struct {
|
||||
TLS TLSListenConfig
|
||||
// SNI configuration, with multiple certificates:
|
||||
TLSCertificates []TLSListenConfig `yaml:"tls-certificates"`
|
||||
MinTLSVersion string `yaml:"min-tls-version"`
|
||||
Proxy bool
|
||||
Tor bool
|
||||
STSOnly bool `yaml:"sts-only"`
|
||||
@ -881,10 +882,29 @@ func loadTlsConfig(config listenerConfigBlock) (tlsConfig *tls.Config, err error
|
||||
result := tls.Config{
|
||||
Certificates: certificates,
|
||||
ClientAuth: clientAuth,
|
||||
MinVersion: tlsMinVersionFromString(config.MinTLSVersion),
|
||||
}
|
||||
return &result, nil
|
||||
}
|
||||
|
||||
func tlsMinVersionFromString(version string) uint16 {
|
||||
version = strings.ToLower(version)
|
||||
version = strings.TrimPrefix(version, "v")
|
||||
switch version {
|
||||
case "1", "1.0":
|
||||
return tls.VersionTLS10
|
||||
case "1.1":
|
||||
return tls.VersionTLS11
|
||||
case "1.2":
|
||||
return tls.VersionTLS12
|
||||
case "1.3":
|
||||
return tls.VersionTLS13
|
||||
default:
|
||||
// tls package will fill in a sane value, currently 1.0
|
||||
return 0
|
||||
}
|
||||
}
|
||||
|
||||
func loadCertWithLeaf(certFile, keyFile string) (cert tls.Certificate, err error) {
|
||||
// LoadX509KeyPair: "On successful return, Certificate.Leaf will be nil because
|
||||
// the parsed form of the certificate is not retained." tls.Config:
|
||||
|
@ -32,6 +32,8 @@ server:
|
||||
# always send a PROXY protocol header ahead of the connection. See the
|
||||
# manual ("Reverse proxies") for more details.
|
||||
proxy: false
|
||||
# optionally set the minimum TLS version (defaults to 1.0):
|
||||
# min-tls-version: 1.2
|
||||
|
||||
# Example of a Unix domain socket for proxying:
|
||||
# "/tmp/oragono_sock":
|
||||
|
Loading…
Reference in New Issue
Block a user