Force clients to have certs

master
Harshavardhana 10 years ago
parent fec80fb1b3
commit 8a4128d304
  1. 11
      pkg/httpserver/tlshelpers.go
  2. 4
      pkg/utils/crypto/signers/signers.go

@ -3,7 +3,7 @@ package httpserver
import "crypto/tls" import "crypto/tls"
func getDefaultTLSConfig() *tls.Config { func getDefaultTLSConfig() *tls.Config {
config := &tls.Config{} config := tls.Config{}
//Use only modern ciphers //Use only modern ciphers
config.CipherSuites = []uint16{ config.CipherSuites = []uint16{
@ -17,13 +17,8 @@ func getDefaultTLSConfig() *tls.Config {
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
} }
//Use only TLS v1.2
config.MinVersion = tls.VersionTLS12
// Ignore client auth for now
config.ClientAuth = tls.NoClientCert
//Don't allow session resumption //Don't allow session resumption
config.SessionTicketsDisabled = true config.SessionTicketsDisabled = true
return config config.ClientAuth = tls.RequireAnyClientCert
return &config
} }
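Review bot: `tls.RequireAnyClientCert` in getDefaultTLSConfig only requires the client to present some certificate; in that mode Go's TLS stack does not validate the certificate against any CA, so the setting alone does not authenticate the client. If client authentication is the intent, use `config.ClientAuth = tls.RequireAndVerifyClientCert` with `config.ClientCAs` set to the trusted pool, or add a comment next to the assignment saying where the presented certificate is checked. As rendered, the new side also appears to drop `config.MinVersion = tls.VersionTLS12`, which would leave the minimum version at the library default; I would keep that line. Part of the cipher list lies between the two hunks and is not visible here.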

@ -33,10 +33,10 @@ package signers
// return true // return true
//} //}
// //
//func GetAccessID() { //func getAccessID() {
//} //}
// //
//func GetSecretID() { //func getSecretID() {
//} //}
// //
//// This package implements verification side of Object API Signature request //// This package implements verification side of Object API Signature request
