Skip to content

Commit 7f55f53

Browse files
CopilotCopilot
authored
fix: disable 3DES cipher suites (#117)
1 parent 11d94af commit 7f55f53

File tree

1 file changed

+9
-0
lines changed

1 file changed

+9
-0
lines changed

service/proxy.go

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -307,6 +307,15 @@ func Start() {
307307
Addr: fmt.Sprintf(":%d", gatewayHttpsPort),
308308
TLSConfig: &tls.Config{
309309
MinVersion: tls.VersionTLS12,
310+
CipherSuites: []uint16{
311+
// Secure cipher suites for TLS 1.2 (excluding 3DES to prevent Sweet32 attack)
312+
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
313+
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
314+
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
315+
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
316+
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
317+
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
318+
},
310319
},
311320
}
312321

0 commit comments

Comments
 (0)