Simplify the cmd/http package overall by removing
custom plain text v/s tls connection detection, by
migrating to go1.12 and choose minimum version
to be go1.12
Also remove all the vendored deps, since they
are not useful anymore.
disk usage crawling is not needed when a tenant
is not sharing the same disk for multiple other
tenants. This PR adds an optimization when we
see a setup uses entire disk, we simply rely on
statvfs() to give us total usage.
This PR also additionally adds low priority
scheduling for usage check routine, such that
other go-routines blocked will be automatically
unblocked and prioritized before usage.
This change disables the non-constant-time implementations of P-384 and P-521.
As a consequence a client using just these curves cannot connect to the server.
This should be no real issues because (all) clients at least support P-256.
Further this change also rejects ECDSA private keys of P-384 and P-521.
While non-constant-time implementations for the ECDHE exchange don't expose an
obvious vulnerability, using P-384 or P-521 keys for the ECDSA signature may allow
pratical timing attacks.
Fixes#5844
This change restircts the supported cipher suites of the minio server.
The server only supports AEAD ciphers (Chacha20Poly1305 and
AES-GCM)
The supported cipher suites are:
- tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Fixes#5244 and #5291
* Refactor HTTP server to address bugs
* Remove unnecessary goroutine to start multiple TCP listeners.
* HTTP server waits for shutdown to maximum of Server.ShutdownTimeout
than per serverShutdownPoll.
* Handles new connection errors properly.
* Handles read and write timeout properly.
* Handles error on start of HTTP server properly by exiting minio
process.
Fixes#4494#4476 & fixed review comments
Harshavardhana