Add cipherSuites setting for TLS & XTLS (#78)

2025-05-01 01:44:15 +00:00 · 2020-12-16 20:53:55 +08:00 · 2020-12-16 20:53:55 +08:00 · 88dfed931b
commit 88dfed931b
parent 19ce0e99a5
7 changed files with 212 additions and 110 deletions
--- a/transport/internet/tls/config.go
+++ b/transport/internet/tls/config.go
@ -185,11 +185,12 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 	}

 	config := &tls.Config{
-		ClientSessionCache:     globalSessionCache,
-		RootCAs:                root,
-		InsecureSkipVerify:     c.AllowInsecure,
-		NextProtos:             c.NextProtocol,
-		SessionTicketsDisabled: c.DisableSessionResumption,
+		ClientSessionCache:       globalSessionCache,
+		RootCAs:                  root,
+		InsecureSkipVerify:       c.AllowInsecure,
+		NextProtos:               c.NextProtocol,
+		SessionTicketsDisabled:   c.DisableSessionResumption,
+		PreferServerCipherSuites: c.PreferServerCipherSuites,
 	}

 	for _, opt := range opts {
@ -223,6 +224,22 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 		config.NextProtos = []string{"h2", "http/1.1"}
 	}

+	var cipherSuites []uint16
+	if c.PreferServerCipherSuites && len(c.CipherSuites) > 0 {
+		cipherSuitesArray := strings.Split(c.CipherSuites, ":")
+		if len(cipherSuitesArray) > 0 {
+			all := tls.CipherSuites()
+			for _, suite := range cipherSuitesArray {
+				for _, s := range all {
+					if s.Name == suite {
+						cipherSuites = append(cipherSuites, s.ID)
+					}
+				}
+			}
+		}
+	}
+	config.CipherSuites = cipherSuites
+
 	return config
 }