Merge pull request #647 from harshavardhana/pr_out_remove_unnecessary_tlshelpers_ssl_works_with_domain_certificate

master
Harshavardhana 10 years ago
commit 0c5aa7a3d8
  1. 1
      pkg/server/httpserver/httpserver.go
  2. 24
      pkg/server/httpserver/tlshelpers.go

@ -84,7 +84,6 @@ func start(ctrlChannel <-chan string, errorChannel chan<- error,
for _, host := range hosts {
fmt.Printf("Starting minio server on: https://%s:%s\n", host, port)
}
httpServer.TLSConfig = getDefaultTLSConfig()
err = httpServer.ListenAndServeTLS(config.CertFile, config.KeyFile)
}
errorChannel <- err

@ -1,24 +0,0 @@
package httpserver
import "crypto/tls"
func getDefaultTLSConfig() *tls.Config {
config := tls.Config{}
//Use only modern ciphers
config.CipherSuites = []uint16{
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
}
//Don't allow session resumption
config.SessionTicketsDisabled = true
config.ClientAuth = tls.RequireAnyClientCert
return &config
}
Loading…
Cancel
Save