Open amandalal opened 2 years ago
For example:
```go
// main.go
package main

import (
	"crypto/tls"
	"github.com/gin-gonic/gin"
	"net/http"
)

func main() {
	g := gin.Default()
	g.GET("/", func(c *gin.Context) {
		c.String(http.StatusOK, "OK")
	})
	srv := http.Server{
		Addr:    ":8443",
		Handler: g,
		TLSConfig: &tls.Config{
			MinVersion:               tls.VersionTLS12,
			MaxVersion:               tls.VersionTLS13,
			PreferServerCipherSuites: true,
			CipherSuites: []uint16{
				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
				tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
				tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
				tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
				tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
				tls.TLS_RSA_WITH_AES_128_CBC_SHA,
				tls.TLS_RSA_WITH_AES_256_CBC_SHA,
				// ...
			},
		},
	}
	_ = srv.ListenAndServeTLS("/path/to/certFile", "/path/to/keyFile")
}
```
@tsln1998 Thank you for this. It seems like this is the TLS Configuration for a Gin HTTP Server but I am trying to figure out how to set the CipherSuites for a Gin Router. Do you have any documentation for this?
@amandalal TLS configuration is for server, not for router.
> @amandalal TLS configuration is for server, not for router.
So, how to configure the mTLS in Gin?
Description
There is no configuration option under Gin to restrict the TLS configuration to certain cipher suites. I am looking to restrict the types of CipherSuites that can send HTTP requests to our Gin Server to satisfy security requirements.
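Added example, not code from this thread or from the Gin project: since TLS settings live on `http.Server`, both the cipher-suite restriction and mTLS are set there, and a suite list can be audited before deployment. The function names `auditSuites` and `strictServer` are hypothetical, the "ECDHE plus AEAD only" policy is an assumption about the security requirement, and `http.NotFoundHandler()` stands in for the `*gin.Engine`.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"strings"
)

// auditSuites returns the names of TLS 1.0-1.2 suites that fail the assumed
// policy: ECDHE key exchange (forward secrecy) and an AEAD cipher.
func auditSuites(ids []uint16) (rejected []string) {
	for _, id := range ids {
		name := tls.CipherSuiteName(id)
		aead := strings.Contains(name, "_GCM_") || strings.Contains(name, "CHACHA20_POLY1305")
		if !strings.HasPrefix(name, "TLS_ECDHE_") || !aead {
			rejected = append(rejected, name)
		}
	}
	return rejected
}

// strictServer builds an http.Server that demands a client certificate (mTLS)
// signed by a CA in clientCAs. A *gin.Engine is an http.Handler and fits handler.
func strictServer(addr string, handler http.Handler, clientCAs *x509.CertPool) *http.Server {
	return &http.Server{
		Addr:    addr,
		Handler: handler,
		TLSConfig: &tls.Config{
			MinVersion: tls.VersionTLS12,
			ClientAuth: tls.RequireAndVerifyClientCert,
			ClientCAs:  clientCAs,
			// Affects TLS 1.2 only; Go does not make TLS 1.3 suites configurable.
			CipherSuites: []uint16{
				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
				tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
				tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			},
		},
	}
}

func main() {
	srv := strictServer(":8443", http.NotFoundHandler(), x509.NewCertPool()) // empty pool: constructed placeholder
	// Constructed input: one weak suite from the thread's list, then the strict list.
	fmt.Println(auditSuites([]uint16{tls.TLS_RSA_WITH_AES_128_CBC_SHA}), auditSuites(srv.TLSConfig.CipherSuites))
}
```

In a real deployment the pool is filled with the CA that issues client certificates, and the server is started with `srv.ListenAndServeTLS` as in the snippet posted in the thread.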