parseTLSCipherSuites will parse cipher suite names like 'TLS_RSA_WITH_AES_128_CBC_SHA' to their tls cipher suite structs. If a cipher suite that is unsupported is passed in, this function will return an error. This function can return insecure cipher suites.
(ciphers []string)
| 1936 | // passed in, this function will return an error. |
| 1937 | // This function can return insecure cipher suites. |
| 1938 | func parseTLSCipherSuites(ciphers []string) ([]tls.CipherSuite, error) { |
| 1939 | if len(ciphers) == 0 { |
| 1940 | return nil, nil |
| 1941 | } |
| 1942 | |
| 1943 | var unsupported []string |
| 1944 | var supported []tls.CipherSuite |
| 1945 | // A custom set of supported ciphers. |
| 1946 | allCiphers := append(tls.CipherSuites(), tls.InsecureCipherSuites()...) |
| 1947 | for _, cipher := range ciphers { |
| 1948 | // For each cipher specified by the client, find the cipher in the |
| 1949 | // list of golang supported ciphers. |
| 1950 | var found *tls.CipherSuite |
| 1951 | for _, supported := range allCiphers { |
| 1952 | if strings.EqualFold(supported.Name, cipher) { |
| 1953 | found = supported |
| 1954 | break |
| 1955 | } |
| 1956 | } |
| 1957 | |
| 1958 | if found == nil { |
| 1959 | unsupported = append(unsupported, cipher) |
| 1960 | continue |
| 1961 | } |
| 1962 | |
| 1963 | supported = append(supported, *found) |
| 1964 | } |
| 1965 | |
| 1966 | if len(unsupported) > 0 { |
| 1967 | return nil, xerrors.Errorf("unsupported tls ciphers specified, see https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L53-L75: %s", strings.Join(unsupported, ", ")) |
| 1968 | } |
| 1969 | |
| 1970 | return supported, nil |
| 1971 | } |
| 1972 | |
| 1973 | // hasSupportedVersion is a helper function that returns true if the list |
| 1974 | // of supported versions contains a version between min and max. |
no test coverage detected