mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 03:55:54 +00:00
Update the TLS config generator to handle TLS version 1.3
Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
parent
c0510fc45b
commit
e050355b4b
1 changed files with 6 additions and 1 deletions
|
@ -35,7 +35,7 @@ type ServerSideTLSJson struct {
|
||||||
// Configuration represents configurations levels declared by the Mozilla server-side-tls
|
// Configuration represents configurations levels declared by the Mozilla server-side-tls
|
||||||
// see https://wiki.mozilla.org/Security/Server_Side_TLS
|
// see https://wiki.mozilla.org/Security/Server_Side_TLS
|
||||||
type Configuration struct {
|
type Configuration struct {
|
||||||
OpenSSLCiphersuites string `json:"openssl_ciphersuites"`
|
OpenSSLCiphersuites []string `json:"openssl_ciphersuites"`
|
||||||
Ciphersuites []string `json:"ciphersuites"`
|
Ciphersuites []string `json:"ciphersuites"`
|
||||||
TLSVersions []string `json:"tls_versions"`
|
TLSVersions []string `json:"tls_versions"`
|
||||||
TLSCurves []string `json:"tls_curves"`
|
TLSCurves []string `json:"tls_curves"`
|
||||||
|
@ -47,6 +47,9 @@ type Configuration struct {
|
||||||
ECDHParamSize float64 `json:"ecdh_param_size"`
|
ECDHParamSize float64 `json:"ecdh_param_size"`
|
||||||
HstsMinAge float64 `json:"hsts_min_age"`
|
HstsMinAge float64 `json:"hsts_min_age"`
|
||||||
OldestClients []string `json:"oldest_clients"`
|
OldestClients []string `json:"oldest_clients"`
|
||||||
|
OCSPStample bool `json:"ocsp_staple"`
|
||||||
|
ServerPreferedOrder bool `json:"server_preferred_order"`
|
||||||
|
MaxCertLifespan float64 `json:"maximum_certificate_lifespan"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type goCipherConfiguration struct {
|
type goCipherConfiguration struct {
|
||||||
|
@ -108,6 +111,8 @@ func mapTLSVersions(tlsVersions []string) []int {
|
||||||
var versions []int
|
var versions []int
|
||||||
for _, tlsVersion := range tlsVersions {
|
for _, tlsVersion := range tlsVersions {
|
||||||
switch tlsVersion {
|
switch tlsVersion {
|
||||||
|
case "TLSv1.3":
|
||||||
|
versions = append(versions, tls.VersionTLS13)
|
||||||
case "TLSv1.2":
|
case "TLSv1.2":
|
||||||
versions = append(versions, tls.VersionTLS12)
|
versions = append(versions, tls.VersionTLS12)
|
||||||
case "TLSv1.1":
|
case "TLSv1.1":
|
||||||
|
|
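Review bot: Two of the exported fields added to `Configuration` are misspelled: `OCSPStample` (tag `ocsp_staple`) and `ServerPreferedOrder` (tag `server_preferred_order`). Decoding is unaffected because the JSON tags are spelled correctly, but the names will spread to every later use, so I would rename them to `OCSPStaple` and `ServerPreferredOrder` now. Separately, `OpenSSLCiphersuites` moves from `string` to `[]string`, so a guideline document that still carries a single string under `openssl_ciphersuites` will make decoding fail with a type error. A one-line comment on the struct stating which guideline format it expects would make that failure easier to diagnose. The `switch` in `mapTLSVersions` continues outside this hunk, so it is not visible whether an unrecognised version string is reported or silently skipped; if it is skipped, the generated minimum and maximum versions could be computed from an incomplete list.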