In the net/http is possible to use the TLSConfig:
srv := &http.Server{
// ...
TLSConfig: &tls.Config{
MinVersion: tls.VersionTLS12,
CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256},
PreferServerCipherSuites: true,
CipherSuites: []uint16{
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
},
},
}
How I can get the same result using the fasthttp? The tlsConfig is private and it seems to be initialized by configTLS().
The fasthttp TLS functions are just simple wrappers. If someone makes a pull request to expose the tls.Config we would accept that.
For now it's really easy to just open your own tls listener and pass it to fasthttp:
cfg := &tls.Config{
MinVersion: tls.VersionTLS12,
CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256},
PreferServerCipherSuites: true,
CipherSuites: []uint16{
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
},
}
cfg.Certificates = append(cfg.Certificates, cert)
cfg.BuildNameToCertificate()
ln, err := net.Listen("tcp4", "0.0.0.0:443")
if err != nil {
panic(err)
}
lnTls := tls.NewListener(ln, cfg)
if err := fasthttp.Serve(lnTls, requestHandler); err != nil {
panic(err)
}
Most helpful comment
The fasthttp TLS functions are just simple wrappers. If someone makes a pull request to expose the
tls.Configwe would accept that.For now it's really easy to just open your own tls listener and pass it to fasthttp: