mirror of
https://github.com/securego/gosec.git
cmd/tlsconfig: remove support for deprecated tls.VersionSSL30 (#412)
* cmd/tlsconfig: build tags to deprecate tls.VersionSSL30 from go1.14 * cmd/tlsconfig: build tags to turn off TLSv1.3 in go1.11
parent
b4c76d4234
commit
df484bfa9e
4 changed files with 93 additions and 24 deletions
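--- a/cmd/tlsconfig/tls_version_go11.go
+++ b/cmd/tlsconfig/tls_version_go11.go
@@ -0,0 +1,31 @@
+// +build !go1.12
+
+// This file can be removed once go1.11 is no longer supported
+
+package main
+
+import (
+"crypto/tls"
+"sort"
+)
+
+func mapTLSVersions(tlsVersions []string) []int {
+var versions []int
+for _, tlsVersion := range tlsVersions {
+switch tlsVersion {
+case "TLSv1.2":
+versions = append(versions, tls.VersionTLS12)
+case "TLSv1.1":
+versions = append(versions, tls.VersionTLS11)
+case "TLSv1":
+versions = append(versions, tls.VersionTLS10)
+case "SSLv3":
+// unsupported from go1.14
+versions = append(versions, tls.VersionSSL30)
+default:
+continue
+}
+}
+sort.Ints(versions)
+return versions
+}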
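Review bot: The `default: continue` arm of the switch in mapTLSVersions now also swallows "TLSv1.3", because this go1.11 variant has no case for it, so an input that lists only TLSv1.3 returns a nil slice. How the caller uses the result is outside this section; if it indexes the first or last element to derive a minimum and maximum version, that input would panic or put a zero version into the generated rule, which should be confirmed. A doc comment would make the contract explicit, for example `// mapTLSVersions skips names this toolchain cannot represent (TLSv1.3 before go1.12); the result may be empty.`, and logging each skipped name would make the narrower output visible when the generator runs.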
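--- a/cmd/tlsconfig/tls_version_go12_go13.go
+++ b/cmd/tlsconfig/tls_version_go12_go13.go
@@ -0,0 +1,33 @@
+// +build go1.12,!go1.14
+
+// This file can be removed once go1.13 is no longer supported
+
+package main
+
+import (
+"crypto/tls"
+"sort"
+)
+
+func mapTLSVersions(tlsVersions []string) []int {
+var versions []int
+for _, tlsVersion := range tlsVersions {
+switch tlsVersion {
+case "TLSv1.3":
+versions = append(versions, tls.VersionTLS13)
+case "TLSv1.2":
+versions = append(versions, tls.VersionTLS12)
+case "TLSv1.1":
+versions = append(versions, tls.VersionTLS11)
+case "TLSv1":
+versions = append(versions, tls.VersionTLS10)
+case "SSLv3":
+// unsupported from go1.14
+versions = append(versions, tls.VersionSSL30)
+default:
+continue
+}
+}
+sort.Ints(versions)
+return versions
+}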
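Review bot: This file is one of three near-identical copies of mapTLSVersions that differ only in whether the "TLSv1.3" and "SSLv3" cases are present, so any later change to the mapping has to be repeated in each tagged file. Keeping the loop and the sort in one untagged file and moving only the version-dependent entries behind the build tags (for instance a small per-file `map[string]int`) would leave a single place to review. The `// unsupported from go1.14` comment above the SSLv3 case could also say why the case is kept here, e.g. `// tls.VersionSSL30 is deprecated from go1.14; kept only for go1.12 and go1.13 builds`.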
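--- a/cmd/tlsconfig/tls_version_go14.go
+++ b/cmd/tlsconfig/tls_version_go14.go
@@ -0,0 +1,29 @@
+// +build go1.14 !go1.11
+
+// main
+package main
+
+import (
+"crypto/tls"
+"sort"
+)
+
+func mapTLSVersions(tlsVersions []string) []int {
+var versions []int
+for _, tlsVersion := range tlsVersions {
+switch tlsVersion {
+case "TLSv1.3":
+versions = append(versions, tls.VersionTLS13)
+case "TLSv1.2":
+versions = append(versions, tls.VersionTLS12)
+case "TLSv1.1":
+versions = append(versions, tls.VersionTLS11)
+case "TLSv1":
+versions = append(versions, tls.VersionTLS10)
+default:
+continue
+}
+}
+sort.Ints(versions)
+return versions
+}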
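Review bot: The constraint `// +build go1.14 !go1.11` on the first line is an OR of its two terms, since a space separates alternatives and only a comma means AND, so this file is also selected by toolchains older than go1.11. On those toolchains tls_version_go11.go (`!go1.12`) is selected as well, which gives two definitions of mapTLSVersions, and `tls.VersionTLS13` is referenced although the standard library only defines it from go1.12. `// +build go1.14` alone expresses the intended range. The `// main` line directly above `package main` becomes the package doc comment and carries no information; a sentence describing the generator, or no comment at all, would be better.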
|
@ -4,7 +4,6 @@ package main
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"flag"
|
||||
|
@ -14,7 +13,6 @@ import (
|
|||
"log"
|
||||
"net/http"
|
||||
"path/filepath"
|
||||
"sort"
|
||||
"strings"
|
||||
|
||||
"github.com/mozilla/tls-observatory/constants"
|
||||
|
@ -112,28 +110,6 @@ func getGoCipherConfig(name string, sstls ServerSideTLSJson) (goCipherConfigurat
|
|||
return cipherConf, nil
|
||||
}
|
||||
|
||||
func mapTLSVersions(tlsVersions []string) []int {
|
||||
var versions []int
|
||||
for _, tlsVersion := range tlsVersions {
|
||||
switch tlsVersion {
|
||||
case "TLSv1.3":
|
||||
versions = append(versions, tls.VersionTLS13)
|
||||
case "TLSv1.2":
|
||||
versions = append(versions, tls.VersionTLS12)
|
||||
case "TLSv1.1":
|
||||
versions = append(versions, tls.VersionTLS11)
|
||||
case "TLSv1":
|
||||
versions = append(versions, tls.VersionTLS10)
|
||||
case "SSLv3":
|
||||
versions = append(versions, tls.VersionSSL30)
|
||||
default:
|
||||
continue
|
||||
}
|
||||
}
|
||||
sort.Ints(versions)
|
||||
return versions
|
||||
}
|
||||
|
||||
func getGoTLSConf() (goTLSConfiguration, error) {
|
||||
sstls, err := getTLSConfFromURL(TLSConfURL)
|
||||
if err != nil || sstls == nil {
|
||||
|
|