ref: 9365efb67d07b1c7047f5b4a527912f0c97b10cb
parent: 256596f5300b17c5c627cf8688f63e7bc6da83e8
author: Mike <Mike@vals-Mac-mini.hitronhub.home>
date: Thu Dec 5 05:41:37 PST 2019
Trying this out
--- a/router/cert.go
+++ b/router/cert.go
@@ -18,17 +18,19 @@
ca, err := svc.GetCertificate(&acm.GetCertificateInput{CertificateArn: &arn,
})
- cert, err := tls.LoadX509KeyPair("cert.pem", "key.pem")- if err != nil {- log.Fatal(err)
- }
-
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM([]byte(*ca.CertificateChain))
// Setup HTTPS client
tlsConfig := &tls.Config{- Certificates: []tls.Certificate{cert},+ MinVersion: tls.VersionTLS12,
+ CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},+ PreferServerCipherSuites: true,
+ CipherSuites: []uint16{+ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_RSA_WITH_AES_256_CBC_SHA,
RootCAs: caCertPool,
}
tlsConfig.BuildNameToCertificate()
--- a/router/run.go
+++ b/router/run.go
@@ -33,21 +33,10 @@
mux.HandleFunc("/profile.html", d.profile) mux.HandleFunc("/", d.normal)//from https://github.com/denji/golang-tls (creative commons)
- cfg := &tls.Config{- MinVersion: tls.VersionTLS12,
- CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},- PreferServerCipherSuites: true,
- CipherSuites: []uint16{- tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_RSA_WITH_AES_256_CBC_SHA,
- },
- }
srv := &http.Server{Addr: ":4443",
Handler: mux,
- TLSConfig: cfg,
+ TLSConfig: getTlsConfig(),
TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
}
return srv.ListenAndServeTLS("cert.pem", "key.pem")