
Update to config struct to unmarshal the mozilla server-side TLS conf version 5

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
Cosmin Cojocar 2019-09-09 15:04:54 +02:00 committed by Grant Murphy
parent e050355b4b
commit 76ce9f0147


@ -36,7 +36,7 @@ type ServerSideTLSJson struct {
// see https://wiki.mozilla.org/Security/Server_Side_TLS
type Configuration struct {
OpenSSLCiphersuites []string `json:"openssl_ciphersuites"`
Ciphersuites []string `json:"ciphersuites"`
OpenSSLCiphers []string `json:"openssl_ciphers"`
TLSVersions []string `json:"tls_versions"`
TLSCurves []string `json:"tls_curves"`
CertificateTypes []string `json:"certificate_types"`
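Review bot: Nothing in this hunk guards against the Mozilla JSON drifting away from these tags: the `Configuration` fields are bound to the document only by `openssl_ciphersuites`, `ciphersuites` and `openssl_ciphers`, and if the file is decoded with encoding/json, as the tags suggest, a missing or renamed key leaves the slice nil without any error. The cipher list built from it in `getGoCipherConfig` would then presumably come out empty or partial, and the TLS check derived from it would be weakened with no visible failure. I would record the schema version on the struct, e.g. `// Field tags follow version 5 of the Mozilla server-side TLS JSON; an absent key decodes to nil.`, and have `getGoCipherConfig` reject an empty result, e.g. `if len(cipherConf.Ciphers) == 0 { return cipherConf, fmt.Errorf("TLS configuration '%s' has no usable ciphers", name) }`. The struct body continues past the end of this hunk, and a check of this kind may already exist outside the lines shown.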
@ -87,7 +87,10 @@ func getGoCipherConfig(name string, sstls ServerSideTLSJson) (goCipherConfigurat
return cipherConf, fmt.Errorf("TLS configuration '%s' not found", name)
}
for _, cipherName := range conf.Ciphersuites {
// These ciphers are already defined in IANA format
cipherConf.Ciphers = append(cipherConf.Ciphers, conf.OpenSSLCiphersuites...)
for _, cipherName := range conf.OpenSSLCiphers {
cipherSuite, ok := constants.CipherSuites[cipherName]
if !ok {
log.Printf("'%s' cipher is not available in crypto/tls package\n", cipherName)