tls: Use IANA-standard cipher suite names

This commit is contained in:
Matthew Holt 2019-07-18 09:52:43 -06:00
parent dd6aa91d72
commit 28df6cedfe
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5
3 changed files with 34 additions and 27 deletions

View file

@ -86,7 +86,7 @@ func GetModules(scope string) []Module {
// handle the special case of an empty scope, which // handle the special case of an empty scope, which
// should match only the top-level modules // should match only the top-level modules
if len(scopeParts) == 1 && scopeParts[0] == "" { if scope == "" {
scopeParts = []string{} scopeParts = []string{}
} }

View file

@ -202,14 +202,5 @@ func onDemandAskRequest(ask string, name string) error {
return nil return nil
} }
// supportedCertKeyTypes is all the key types that are supported
// for certificates that are obtained through ACME.
var supportedCertKeyTypes = map[string]certcrypto.KeyType{
"RSA2048": certcrypto.RSA2048,
"RSA4096": certcrypto.RSA4096,
"P256": certcrypto.EC256,
"P384": certcrypto.EC384,
}
// Interface guard // Interface guard
var _ managerMaker = (*ACMEManagerMaker)(nil) var _ managerMaker = (*ACMEManagerMaker)(nil)

View file

@ -18,28 +18,35 @@ import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"github.com/go-acme/lego/certcrypto"
"github.com/klauspost/cpuid" "github.com/klauspost/cpuid"
) )
// supportedCipherSuites is the unordered map of cipher suite // supportedCipherSuites is the unordered map of cipher suite
// string names to their definition in crypto/tls. // string names to their definition in crypto/tls. All values
// TODO: might not be needed much longer, see: // should be IANA-reserved names. See
// https://github.com/golang/go/issues/30325 // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
// TODO: might not be needed much longer: https://github.com/golang/go/issues/30325
var supportedCipherSuites = map[string]uint16{ var supportedCipherSuites = map[string]uint16{
"ECDHE_ECDSA_AES256_GCM_SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
"ECDHE_RSA_AES256_GCM_SHA384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
"ECDHE_ECDSA_AES128_GCM_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
"ECDHE_RSA_AES128_GCM_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
"ECDHE_ECDSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
"ECDHE_RSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
"ECDHE_RSA_AES256_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
"ECDHE_RSA_AES128_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
"ECDHE_ECDSA_AES256_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
"ECDHE_ECDSA_AES128_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
"RSA_AES256_CBC_SHA": tls.TLS_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
"RSA_AES128_CBC_SHA": tls.TLS_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
"ECDHE_RSA_3DES_EDE_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
"RSA_3DES_EDE_CBC_SHA": tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
"TLS_RSA_WITH_AES_256_CBC_SHA": tls.TLS_RSA_WITH_AES_256_CBC_SHA,
"TLS_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
"TLS_RSA_WITH_AES_128_CBC_SHA": tls.TLS_RSA_WITH_AES_128_CBC_SHA,
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
"TLS_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
} }
// defaultCipherSuites is the ordered list of all the cipher // defaultCipherSuites is the ordered list of all the cipher
@ -86,6 +93,15 @@ var supportedCurves = map[string]tls.CurveID{
"P521": tls.CurveP521, "P521": tls.CurveP521,
} }
// supportedCertKeyTypes is all the key types that are supported
// for certificates that are obtained through ACME.
var supportedCertKeyTypes = map[string]certcrypto.KeyType{
"RSA2048": certcrypto.RSA2048,
"RSA4096": certcrypto.RSA4096,
"P256": certcrypto.EC256,
"P384": certcrypto.EC384,
}
// defaultCurves is the list of only the curves we want to use // defaultCurves is the list of only the curves we want to use
// by default, in descending order of preference. // by default, in descending order of preference.
// //