Fasthttp: How set a custom TLS.Config?

Created on 6 Oct 2018  路  1Comment  路  Source: valyala/fasthttp

In the net/http is possible to use the TLSConfig:

srv := &http.Server{
    // ...
    TLSConfig: &tls.Config{
        MinVersion:               tls.VersionTLS12,
        CurvePreferences:         []tls.CurveID{tls.X25519, tls.CurveP256},
        PreferServerCipherSuites: true,
        CipherSuites: []uint16{
            tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
            tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
            tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        },
    },
}

How I can get the same result using the fasthttp? The tlsConfig is private and it seems to be initialized by configTLS().

Most helpful comment

The fasthttp TLS functions are just simple wrappers. If someone makes a pull request to expose the tls.Config we would accept that.

For now it's really easy to just open your own tls listener and pass it to fasthttp:

    cfg := &tls.Config{
        MinVersion:               tls.VersionTLS12,
        CurvePreferences:         []tls.CurveID{tls.X25519, tls.CurveP256},
        PreferServerCipherSuites: true,
        CipherSuites: []uint16{
            tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
            tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
            tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        },
    }

    cfg.Certificates = append(cfg.Certificates, cert)

    cfg.BuildNameToCertificate()

    ln, err := net.Listen("tcp4", "0.0.0.0:443")
    if err != nil {
        panic(err)
    }

    lnTls := tls.NewListener(ln, cfg)

    if err := fasthttp.Serve(lnTls, requestHandler); err != nil {
        panic(err)
    }

>All comments

The fasthttp TLS functions are just simple wrappers. If someone makes a pull request to expose the tls.Config we would accept that.

For now it's really easy to just open your own tls listener and pass it to fasthttp:

    cfg := &tls.Config{
        MinVersion:               tls.VersionTLS12,
        CurvePreferences:         []tls.CurveID{tls.X25519, tls.CurveP256},
        PreferServerCipherSuites: true,
        CipherSuites: []uint16{
            tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
            tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
            tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        },
    }

    cfg.Certificates = append(cfg.Certificates, cert)

    cfg.BuildNameToCertificate()

    ln, err := net.Listen("tcp4", "0.0.0.0:443")
    if err != nil {
        panic(err)
    }

    lnTls := tls.NewListener(ln, cfg)

    if err := fasthttp.Serve(lnTls, requestHandler); err != nil {
        panic(err)
    }
Was this page helpful?
0 / 5 - 0 ratings