Fasthttp: TLS config MinVersion 1.2

Created on 6 May 2020  路  1Comment  路  Source: valyala/fasthttp

Hello :)

How can i add the following

cfg := &tls.Config{
  MinVersion:               tls.VersionTLS12,
  CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
  PreferServerCipherSuites: true,
  CipherSuites: []uint16{
    tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
    tls.TLS_RSA_WITH_AES_256_CBC_SHA,
  },
}

into

// ...

var f fasthttp.Server

f.Handler = tls

if err := f.ListenAndServeTLS(":443", "fullchain.pem", "privkey.pem"); err != nil {
   // ...
}

// ...

func tls(ctx *fasthttp.RequestCtx) {
  // ...
}

Please help.

Thank you very much

@erikdubbelboer do you have a chance to help me? :)

Most helpful comment

For custom tls options you will have to create your own tls listener and use fasthttp.Server.Serve instead. Here is an example:

cfg := &tls.Config{
    MinVersion:               tls.VersionTLS12,
    CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
    PreferServerCipherSuites: true,
    CipherSuites: []uint16{
        tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
        tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
        tls.TLS_RSA_WITH_AES_256_CBC_SHA,
    },
}

cert, err := tls.LoadX509KeyPair("fullchain.pem", "privkey.pem")
if err != nil {
    // ...
}

cfg.Certificates = append(cfg.Certificates, cert)

cfg.BuildNameToCertificate()

ln, err := net.Listen("tcp4", "0.0.0.0:443")
if err != nil {
    // ...
}

tln := tls.NewListener(ln, cfg)

var f fasthttp.Server

f.Handler = tls

if err := f.Serve(tln); err != nil {
    // ...
}

>All comments

For custom tls options you will have to create your own tls listener and use fasthttp.Server.Serve instead. Here is an example:

cfg := &tls.Config{
    MinVersion:               tls.VersionTLS12,
    CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
    PreferServerCipherSuites: true,
    CipherSuites: []uint16{
        tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
        tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
        tls.TLS_RSA_WITH_AES_256_CBC_SHA,
    },
}

cert, err := tls.LoadX509KeyPair("fullchain.pem", "privkey.pem")
if err != nil {
    // ...
}

cfg.Certificates = append(cfg.Certificates, cert)

cfg.BuildNameToCertificate()

ln, err := net.Listen("tcp4", "0.0.0.0:443")
if err != nil {
    // ...
}

tln := tls.NewListener(ln, cfg)

var f fasthttp.Server

f.Handler = tls

if err := f.Serve(tln); err != nil {
    // ...
}
Was this page helpful?
0 / 5 - 0 ratings

Related issues

danilobuiatti picture danilobuiatti  路  3Comments

vearutop picture vearutop  路  3Comments

imgurbot12 picture imgurbot12  路  5Comments

LeMoussel picture LeMoussel  路  3Comments

horgh picture horgh  路  5Comments