mirrors
/
AdGuardHome
mirror of https://github.com/AdguardTeam/AdGuardHome.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixed conflict

This commit is contained in:
Rahul Somasundaram 2022-10-04 08:38:51 +05:30
parent bf792b83f6 6e7964c9e7
commit 8a924cb4ed
No known key found for this signature in database
GPG Key ID: AA8F0B27E83147BD
4 changed files with 33 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
internal/aghtls/aghtls.go
View File

@ -1,7 +1,12 @@
// Package aghtls contains utilities for work with TLS. // Package aghtls contains utilities for work with TLS.
package aghtls package aghtls
import "crypto/tls" import (
"crypto/tls"
"github.com/AdguardTeam/golibs/log"
"golang.org/x/exp/slices"
)
// SaferCipherSuites returns a set of default cipher suites with vulnerable and // SaferCipherSuites returns a set of default cipher suites with vulnerable and
// weak cipher suites removed. // weak cipher suites removed.
@ -28,3 +33,14 @@ func SaferCipherSuites() (safe []uint16) {
return safe return safe
} }
func UserPreferredCipherSuites(ciphers []string) (userCiphers []uint16) {
for _, s := range tls.CipherSuites() {
if slices.Contains(ciphers, s.Name) {
userCiphers = append(userCiphers, s.ID)
log.Debug("user specified cipher : %s, ID : %d", s.Name, s.ID)
}
}
return userCiphers
}

3
internal/dnsforward/config.go
View File

@ -165,6 +165,9 @@ type TLSConfig struct {
cert tls.Certificate cert tls.Certificate
// DNS names from certificate (SAN) or CN value from Subject // DNS names from certificate (SAN) or CN value from Subject
dnsNames []string dnsNames []string
// ciphers specified by user
TLSCiphers []string `yaml:"tls_ciphers" json:"-"`
} }
// DNSCryptConfig is the DNSCrypt server configuration struct. // DNSCryptConfig is the DNSCrypt server configuration struct.

1
internal/home/home.go
View File

@ -383,6 +383,7 @@ func initWeb(args options, clientBuildFS fs.FS) (web *Web, err error) {
clientBetaFS: clientBetaFS, clientBetaFS: clientBetaFS,
serveHTTP3: config.DNS.ServeHTTP3, serveHTTP3: config.DNS.ServeHTTP3,
tlsCiphers: config.TLS.TLSCiphers,
} }
web = newWeb(&webConf) web = newWeb(&webConf)

13
internal/home/web.go
View File

@ -57,6 +57,9 @@ type webConfig struct {
firstRun bool firstRun bool
serveHTTP3 bool serveHTTP3 bool
// ciphers specified by user
tlsCiphers []string
} }
// httpsServer contains the data for the HTTPS server. // httpsServer contains the data for the HTTPS server.
@ -288,6 +291,14 @@ func (web *Web) tlsServerLoop() {
web.httpsServer.cond.L.Unlock() web.httpsServer.cond.L.Unlock()
var cipher []uint16
if len(web.conf.tlsCiphers) == 0 {
cipher = aghtls.SaferCipherSuites()
} else {
cipher = aghtls.UserPreferredCipherSuites(web.conf.tlsCiphers)
}
addr := netutil.JoinHostPort(web.conf.BindHost.String(), web.conf.PortHTTPS) addr := netutil.JoinHostPort(web.conf.BindHost.String(), web.conf.PortHTTPS)
web.httpsServer.server = &http.Server{ web.httpsServer.server = &http.Server{
ErrorLog: log.StdLog("web: https", log.DEBUG), ErrorLog: log.StdLog("web: https", log.DEBUG),
@ -295,7 +306,7 @@ func (web *Web) tlsServerLoop() {
TLSConfig: &tls.Config{ TLSConfig: &tls.Config{
Certificates: []tls.Certificate{web.httpsServer.cert}, Certificates: []tls.Certificate{web.httpsServer.cert},
RootCAs: Context.tlsRoots, RootCAs: Context.tlsRoots,
CipherSuites: aghtls.SaferCipherSuites(), CipherSuites: cipher,
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
}, },
Handler: withMiddlewares(Context.mux, limitRequestBody), Handler: withMiddlewares(Context.mux, limitRequestBody),