Open jlvrhee opened 2 years ago
@jlvrhee I've created the new release - https://github.com/msoap/shell2http/releases/tag/v1.14.2
@msoap Thanks for the quick help. We will install the new version and test to see if the issue is resolved
@msoap Unfortunately, the new release didn't solve our issue. After some investigation we found that the improvements that have been made in the new Go versions (crypto/tls package) were related to the client side but not to the server side.
Therefore, code changes are needed to really solve this issue. Could you please:
1) Disable TLS 1.0 and TLS 1.1, or at least make this configurable, as these are seen as insecure.
2) Disable old ciphers that support 64-bit blocks. Best would be to allow only modern block ciphers with 128-bit blocks, such as AES. Or at least make this configurable. For more info, see https://sweet32.info/
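The two changes requested in the comment above, sketched against Go's crypto/tls as an added example (not shell2http's code and not posted by either participant). The helper names `is64BitBlockSuite`, `hardenedTLSConfig` and `auditTLSConfig` are assumptions, and the weak config in `main` is constructed.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// is64BitBlockSuite flags 3DES suites, the 64-bit block cipher behind SWEET32.
func is64BitBlockSuite(name string) bool {
	return strings.Contains(name, "3DES")
}

// hardenedTLSConfig sets a TLS 1.2 floor and an explicit suite list with no
// 3DES entries. TLS 1.3 suites are not configurable in crypto/tls.
func hardenedTLSConfig() *tls.Config {
	var suites []uint16
	for _, cs := range tls.CipherSuites() {
		if !is64BitBlockSuite(cs.Name) {
			suites = append(suites, cs.ID)
		}
	}
	return &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: suites}
}

// auditTLSConfig lists the settings a scanner would flag for this issue.
func auditTLSConfig(cfg *tls.Config) []string {
	var findings []string
	if cfg.MinVersion < tls.VersionTLS12 {
		findings = append(findings, "MinVersion unset (Go default applies) or below TLS 1.2")
	}
	if cfg.CipherSuites == nil {
		findings = append(findings, "CipherSuites unset: defaults depend on the Go release")
	}
	for _, id := range cfg.CipherSuites {
		if name := tls.CipherSuiteName(id); is64BitBlockSuite(name) {
			findings = append(findings, "64-bit block cipher enabled: "+name)
		}
	}
	return findings
}

func main() {
	weak := &tls.Config{ // constructed sample, not taken from shell2http
		MinVersion:   tls.VersionTLS10,
		CipherSuites: []uint16{tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
	}
	fmt.Println("weak:", auditTLSConfig(weak), "hardened:", auditTLSConfig(hardenedTLSConfig()))
}
```

A server would pass the returned config as the `TLSConfig` field of its `http.Server` before calling `ListenAndServeTLS`.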
The current shell2http binaries are built with an old Go version, which causes our security tooling to report CVE-2016-2183.
This seems to be solved with a new Go version: link
Could you please create a new version of the shell2http binaries by triggering the GitHub Action to publish the compiled code (like was done with the last version link)
Thanks for your help