cipher suites TLS configuration

[amandalal]

• With issues:
  • Use the search tool before opening a new issue.
  • Please provide source code and commit sha if you found a bug.
  • Review existing issues and provide feedback or react to them.

Description

There is no configuration option under Gin to restrict the TLS configuration to certain cipher suites. I am looking to restrict the types of CipherSuites that can send HTTP requests to our Gin Server to satisfy security requirements.

[tsln1998]

For example:

// main.go
package main

import (
    "crypto/tls"
    "github.com/gin-gonic/gin"
    "net/http"
)

func main() {
    g := gin.Default()
    g.GET("/", func(c *gin.Context) {
        c.String(http.StatusOK, "OK")
    })

    srv := http.Server{
        Addr:    ":8443",
        Handler: g,
        TLSConfig: &tls.Config{
            MinVersion: tls.VersionTLS12,
            MaxVersion: tls.VersionTLS13,
            PreferServerCipherSuites: true,
            CipherSuites: []uint16{
                tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
                tls.TLS_RSA_WITH_AES_128_CBC_SHA,
                tls.TLS_RSA_WITH_AES_256_CBC_SHA,
                // ...
            },
        },
    }
    _ = srv.ListenAndServeTLS("/path/to/certFile", "/path/to/keyFile")
}

[amandalal]

@tsln1998 Thank you for this. It seems like this is the TLS Configuration for a Gin HTTP Server but I am trying to figure out how to set the CipherSuites for a Gin Router. Do you have any documentation for this?

[jincheng9]

@amandalal TLS configuration is for server, not for router.

[ZenkieBear]

@amandalal TLS configuration is for server, not for router.

So, how to configure the mTLS in Gin?