cmd/tlsconfig: remove support for deprecated tls.VersionSSL30 (#412)
* cmd/tlsconfig: build tags so tls.VersionSSL30 is no longer referenced from go1.14 (the constant is removed there)
* cmd/tlsconfig: build tags to omit TLSv1.3 on go1.11 (tls.VersionTLS13 is not available before go1.12)
This commit is contained in:
parent
b4c76d4234
commit
df484bfa9e
4 changed files with 93 additions and 24 deletions
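--- /dev/null
+++ b/cmd/tlsconfig/tls_version_go11.go
@@ -0,0 +1,31 @@
+// +build !go1.12
+
+// This file can be removed once go1.11 is no longer supported
+
+package main
+
+import (
+	"crypto/tls"
+	"sort"
+)
+
+func mapTLSVersions(tlsVersions []string) []int {
+	var versions []int
+	for _, tlsVersion := range tlsVersions {
+		switch tlsVersion {
+		case "TLSv1.2":
+			versions = append(versions, tls.VersionTLS12)
+		case "TLSv1.1":
+			versions = append(versions, tls.VersionTLS11)
+		case "TLSv1":
+			versions = append(versions, tls.VersionTLS10)
+		case "SSLv3":
+			// unsupported from go1.14
+			versions = append(versions, tls.VersionSSL30)
+		default:
+			continue
+		}
+	}
+	sort.Ints(versions)
+	return versions
+}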
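Review bot: Nothing in this file says that "TLSv1.3" is one of the labels the `default: continue` branch silently discards on Go 1.11 — tls.VersionTLS13 is presumably absent there, which is the reason this variant exists, but a reader who has just looked at the go1.14 variant will assume the label is handled. With labels dropped silently, a profile that lists only TLSv1.3 (the upstream "modern" profile, if I recall it correctly) maps to an empty slice and nothing reports it. I would state this on the function: `// TLSv1.3 is deliberately unhandled: tls.VersionTLS13 does not exist before go1.12, so a` / `// profile that lists only TLSv1.3 maps to an empty slice; unrecognised labels are skipped silently.` The `// unsupported from go1.14` remark on the SSLv3 case is accurate but terse; `// tls.VersionSSL30 is removed in go1.14; this file is only built for go1.11` says why it is still safe to reference here.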
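--- /dev/null
+++ b/cmd/tlsconfig/tls_version_go12_go13.go
@@ -0,0 +1,33 @@
+// +build go1.12,!go1.14
+
+// This file can be removed once go1.13 is no longer supported
+
+package main
+
+import (
+	"crypto/tls"
+	"sort"
+)
+
+func mapTLSVersions(tlsVersions []string) []int {
+	var versions []int
+	for _, tlsVersion := range tlsVersions {
+		switch tlsVersion {
+		case "TLSv1.3":
+			versions = append(versions, tls.VersionTLS13)
+		case "TLSv1.2":
+			versions = append(versions, tls.VersionTLS12)
+		case "TLSv1.1":
+			versions = append(versions, tls.VersionTLS11)
+		case "TLSv1":
+			versions = append(versions, tls.VersionTLS10)
+		case "SSLv3":
+			// unsupported from go1.14
+			versions = append(versions, tls.VersionSSL30)
+		default:
+			continue
+		}
+	}
+	sort.Ints(versions)
+	return versions
+}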
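Review bot: mapTLSVersions here is a line-for-line copy of the go1.11 and go1.14 variants with only the set of `case` labels differing, so any later change to the function (another label, a log line for what `default: continue` silently drops, a different ordering) has to be repeated in three files and can drift between them. I would keep a single mapTLSVersions in main.go that looks each label up in a table and sorts the hits, and reduce each build-tagged file to the table entries that crypto/tls can represent for that Go version; this go1.12–1.13 file would then hold only the following, with the go1.11 and go1.14 files declaring the same variable minus the `TLSv1.3` and minus the `SSLv3` entry respectively. The `// unsupported from go1.14` remark on the SSLv3 entry is worth keeping either way, since it is the reason this file exists.

```go
// +build go1.12,!go1.14

// tlsVersionByName lists the labels that this Go version's crypto/tls can represent;
// mapTLSVersions in main.go resolves labels through it and skips any label not present.
var tlsVersionByName = map[string]int{
	"TLSv1.3": tls.VersionTLS13,
	"TLSv1.2": tls.VersionTLS12,
	"TLSv1.1": tls.VersionTLS11,
	"TLSv1":   tls.VersionTLS10,
	"SSLv3":   tls.VersionSSL30, // unsupported from go1.14
}
```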
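--- /dev/null
+++ b/cmd/tlsconfig/tls_version_go14.go
@@ -0,0 +1,29 @@
+// +build go1.14 !go1.11
+
+// main
+package main
+
+import (
+	"crypto/tls"
+	"sort"
+)
+
+func mapTLSVersions(tlsVersions []string) []int {
+	var versions []int
+	for _, tlsVersion := range tlsVersions {
+		switch tlsVersion {
+		case "TLSv1.3":
+			versions = append(versions, tls.VersionTLS13)
+		case "TLSv1.2":
+			versions = append(versions, tls.VersionTLS12)
+		case "TLSv1.1":
+			versions = append(versions, tls.VersionTLS11)
+		case "TLSv1":
+			versions = append(versions, tls.VersionTLS10)
+		default:
+			continue
+		}
+	}
+	sort.Ints(versions)
+	return versions
+}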
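Review bot: The constraint `// +build go1.14 !go1.11` on the first line is a disjunction, so this file is also selected on Go 1.10 and earlier, where tls_version_go11.go (`!go1.12`) is selected as well — mapTLSVersions would then be declared twice in package main, and tls.VersionTLS13, which the go1.11 variant avoids, is presumably undefined that far back too. For Go 1.11–1.13 both terms are false, so the `!go1.11` term contributes nothing there and only does harm below 1.11; `// +build go1.14` alone expresses what the commit message describes. The package comment `// main` directly above `package main` is a placeholder that tools will surface as the package documentation; a sentence describing what the command does (main.go's getGoTLSConf suggests it turns the Mozilla server-side TLS recommendations into a Go tls configuration, but confirm against the rest of the package) would be more useful than the bare name.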
@ -4,7 +4,6 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/tls"
|
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"flag"
|
"flag"
|
||||||
|
@ -14,7 +13,6 @@ import (
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"sort"
|
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/mozilla/tls-observatory/constants"
|
"github.com/mozilla/tls-observatory/constants"
|
||||||
|
@ -112,28 +110,6 @@ func getGoCipherConfig(name string, sstls ServerSideTLSJson) (goCipherConfigurat
|
||||||
return cipherConf, nil
|
return cipherConf, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func mapTLSVersions(tlsVersions []string) []int {
|
|
||||||
var versions []int
|
|
||||||
for _, tlsVersion := range tlsVersions {
|
|
||||||
switch tlsVersion {
|
|
||||||
case "TLSv1.3":
|
|
||||||
versions = append(versions, tls.VersionTLS13)
|
|
||||||
case "TLSv1.2":
|
|
||||||
versions = append(versions, tls.VersionTLS12)
|
|
||||||
case "TLSv1.1":
|
|
||||||
versions = append(versions, tls.VersionTLS11)
|
|
||||||
case "TLSv1":
|
|
||||||
versions = append(versions, tls.VersionTLS10)
|
|
||||||
case "SSLv3":
|
|
||||||
versions = append(versions, tls.VersionSSL30)
|
|
||||||
default:
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
}
|
|
||||||
sort.Ints(versions)
|
|
||||||
return versions
|
|
||||||
}
|
|
||||||
|
|
||||||
func getGoTLSConf() (goTLSConfiguration, error) {
|
func getGoTLSConf() (goTLSConfiguration, error) {
|
||||||
sstls, err := getTLSConfFromURL(TLSConfURL)
|
sstls, err := getTLSConfFromURL(TLSConfURL)
|
||||||
if err != nil || sstls == nil {
|
if err != nil || sstls == nil {
|