From c25269ef3925025f2db835d6ace37f0aad180d03 Mon Sep 17 00:00:00 2001 From: cosmincojocar Date: Mon, 16 Apr 2018 07:44:11 +0200 Subject: [PATCH] Regenerate the TLS config (#199) --- Gopkg.lock | 2 +- rules/tls_config.go | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Gopkg.lock b/Gopkg.lock index e49b087..3887d06 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -10,7 +10,7 @@ branch = "master" name = "github.com/mozilla/tls-observatory" packages = ["constants"] - revision = "26cf7187f27c96815d0b4d4ad6da36c7161d4bf8" + revision = "8791a200eb40f8625a152bfb8336171305f5f35c" [[projects]] name = "github.com/nbutton23/zxcvbn-go" diff --git a/rules/tls_config.go b/rules/tls_config.go index a226d2e..7242513 100644 --- a/rules/tls_config.go +++ b/rules/tls_config.go @@ -17,6 +17,8 @@ func NewModernTLSCheck(id string, conf gas.Config) (gas.Rule, []ast.Node) { goodCiphers: []string{ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", @@ -36,6 +38,8 @@ func NewIntermediateTLSCheck(id string, conf gas.Config) (gas.Rule, []ast.Node) MinVersion: 0x0301, MaxVersion: 0x0303, goodCiphers: []string{ + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", @@ -77,6 +81,8 @@ func NewOldTLSCheck(id string, conf gas.Config) (gas.Rule, []ast.Node) { MinVersion: 0x0300, MaxVersion: 0x0303, goodCiphers: []string{ + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",