Fasthttp: TLS configuration

Created on 1 Sep 2016  路  3Comments  路  Source: valyala/fasthttp

Golang has some TLS configurations available to use such as cipher suites and curve preferences (https://golang.org/src/crypto/tls/common.go?s=9735:14940#L263). Can I use those configuration in fasthttp server?

question

Most helpful comment

Here is an example on how to create an HTTPS server with a custom configuration:

    cfg := &tls.Config{
        MinVersion:               tls.VersionSSL30,
        CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256, tls.X25519},
        PreferServerCipherSuites: true,
        SessionTicketsDisabled:   true,
        CipherSuites: []uint16{
            tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
            tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
            tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
            tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
            tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
            tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
        },
    }

    cert, err := tls.LoadX509KeyPair("example.com.pem", "example.com.key")
    if err != nil {
        panic(err)
    }
    cfg.Certificates = append(cfg.Certificates, cert)

    cert, err = tls.LoadX509KeyPair("foo.com.pem", "foo.com.key")
    if err != nil {
        panic(err)
    }
    cfg.Certificates = append(cfg.Certificates, cert)

    cfg.BuildNameToCertificate()

    tmpLn, err := net.Listen("tcp4", "0.0.0.0:443")
    if err != nil {
        panic(err)
    }

    ln := tls.NewListener(tmpLn, cfg)

    s := &fasthttp.Server{
        Handler:     handler,
        ReadTimeout: time.Second,
    }

    if err := s.Serve(ln); err != nil {
        panic(err)
    }

All 3 comments

+1

Did you find a solution to it?

Here is an example on how to create an HTTPS server with a custom configuration:

    cfg := &tls.Config{
        MinVersion:               tls.VersionSSL30,
        CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256, tls.X25519},
        PreferServerCipherSuites: true,
        SessionTicketsDisabled:   true,
        CipherSuites: []uint16{
            tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
            tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
            tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
            tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
            tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
            tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
        },
    }

    cert, err := tls.LoadX509KeyPair("example.com.pem", "example.com.key")
    if err != nil {
        panic(err)
    }
    cfg.Certificates = append(cfg.Certificates, cert)

    cert, err = tls.LoadX509KeyPair("foo.com.pem", "foo.com.key")
    if err != nil {
        panic(err)
    }
    cfg.Certificates = append(cfg.Certificates, cert)

    cfg.BuildNameToCertificate()

    tmpLn, err := net.Listen("tcp4", "0.0.0.0:443")
    if err != nil {
        panic(err)
    }

    ln := tls.NewListener(tmpLn, cfg)

    s := &fasthttp.Server{
        Handler:     handler,
        ReadTimeout: time.Second,
    }

    if err := s.Serve(ln); err != nil {
        panic(err)
    }
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Fenny picture Fenny  路  4Comments

kirillDanshin picture kirillDanshin  路  5Comments

gogoods picture gogoods  路  3Comments

vearutop picture vearutop  路  3Comments

djannot picture djannot  路  3Comments