	Make SSL cipher suite configurable (#17440)
		| @ -95,48 +95,14 @@ func (srv *Server) ListenAndServe(serve ServeFunction) error { | ||||
| 	return srv.Serve(serve) | ||||
| } | ||||
|  | ||||
| // ListenAndServeTLS listens on the provided network address and then calls | ||||
| // Serve to handle requests on incoming TLS connections. | ||||
| // | ||||
| // Filenames containing a certificate and matching private key for the server must | ||||
| // be provided. If the certificate is signed by a certificate authority, the | ||||
| // certFile should be the concatenation of the server's certificate followed by the | ||||
| // CA's certificate. | ||||
| func (srv *Server) ListenAndServeTLS(certFile, keyFile string, serve ServeFunction) error { | ||||
| 	config := &tls.Config{} | ||||
| 	if config.NextProtos == nil { | ||||
| 		config.NextProtos = []string{"h2", "http/1.1"} | ||||
| 	} | ||||
|  | ||||
| 	config.Certificates = make([]tls.Certificate, 1) | ||||
|  | ||||
| 	certPEMBlock, err := os.ReadFile(certFile) | ||||
| 	if err != nil { | ||||
| 		log.Error("Failed to load https cert file %s for %s:%s: %v", certFile, srv.network, srv.address, err) | ||||
| 		return err | ||||
| 	} | ||||
|  | ||||
| 	keyPEMBlock, err := os.ReadFile(keyFile) | ||||
| 	if err != nil { | ||||
| 		log.Error("Failed to load https key file %s for %s:%s: %v", keyFile, srv.network, srv.address, err) | ||||
| 		return err | ||||
| 	} | ||||
|  | ||||
| 	config.Certificates[0], err = tls.X509KeyPair(certPEMBlock, keyPEMBlock) | ||||
| 	if err != nil { | ||||
| 		log.Error("Failed to create certificate from cert file %s and key file %s for %s:%s: %v", certFile, keyFile, srv.network, srv.address, err) | ||||
| 		return err | ||||
| 	} | ||||
|  | ||||
| 	return srv.ListenAndServeTLSConfig(config, serve) | ||||
| } | ||||
|  | ||||
| // ListenAndServeTLSConfig listens on the provided network address and then calls | ||||
| // Serve to handle requests on incoming TLS connections. | ||||
| func (srv *Server) ListenAndServeTLSConfig(tlsConfig *tls.Config, serve ServeFunction) error { | ||||
| 	go srv.awaitShutdown() | ||||
|  | ||||
| 	tlsConfig.MinVersion = tls.VersionTLS12 | ||||
| 	if tlsConfig.MinVersion == 0 { | ||||
| 		tlsConfig.MinVersion = tls.VersionTLS12 | ||||
| 	} | ||||
|  | ||||
| 	l, err := GetListener(srv.network, srv.address) | ||||
| 	if err != nil { | ||||
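Review bot: In `ListenAndServeTLSConfig`, the TLS 1.2 minimum is applied only when `tlsConfig.MinVersion == 0`, so a caller-supplied value below TLS 1.2 is now accepted without any check here (this reads the three-line conditional as the new side; the page has lost its +/- markers, but the hunk header's 48-to-14 line counts fit that reading). If the floor is meant to be configurable, the doc comment should say so, for example `// MinVersion defaults to TLS 1.2 when unset; a value set by the caller is used as given, and tlsConfig is modified in place.` Whatever builds the config then owns validation of the configured version, which is not visible in this hunk. The function body continues past the end of the hunk.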
|  | ||||
	 zeripath
					zeripath