112 lines
2.6 KiB
Go
112 lines
2.6 KiB
Go
package tls
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"sort"
|
|
"strings"
|
|
)
|
|
|
|
var ErrCipherUnsupported = errors.New("unsupported cipher")
|
|
|
|
// InsecureCiphers returns the list of insecure ciphers among the list of given ciphers
|
|
func InsecureCiphers(ciphers []string) []string {
|
|
var insecure []string
|
|
|
|
for _, c := range ciphers {
|
|
cipher := strings.ToUpper(c)
|
|
if _, ok := tlsCipherMapInsecure[cipher]; ok {
|
|
insecure = append(insecure, c)
|
|
}
|
|
}
|
|
|
|
return insecure
|
|
}
|
|
|
|
// Ciphers returns the list of supported ciphers
|
|
func Ciphers() (secure, insecure []string) {
|
|
for c := range tlsCipherMapSecure {
|
|
secure = append(secure, c)
|
|
}
|
|
|
|
for c := range tlsCipherMapInsecure {
|
|
insecure = append(insecure, c)
|
|
}
|
|
|
|
return secure, insecure
|
|
}
|
|
|
|
// ParseCiphers returns a `[]uint16` by received `[]string` key that represents ciphers from crypto/tls.
|
|
// If some of ciphers in received list doesn't exists ParseCiphers returns nil with error
|
|
func ParseCiphers(ciphers []string) ([]uint16, error) {
|
|
suites := make([]uint16, 0)
|
|
added := make(map[uint16]bool, len(ciphers))
|
|
for _, c := range ciphers {
|
|
// Handle meta-keywords
|
|
switch c {
|
|
case "all":
|
|
for _, id := range tlsCipherMapInsecure {
|
|
if added[id] {
|
|
continue
|
|
}
|
|
suites = append(suites, id)
|
|
added[id] = true
|
|
}
|
|
for _, id := range tlsCipherMapSecure {
|
|
if added[id] {
|
|
continue
|
|
}
|
|
suites = append(suites, id)
|
|
added[id] = true
|
|
}
|
|
case "insecure":
|
|
for _, id := range tlsCipherMapInsecure {
|
|
if added[id] {
|
|
continue
|
|
}
|
|
suites = append(suites, id)
|
|
added[id] = true
|
|
}
|
|
case "secure":
|
|
for _, id := range tlsCipherMapSecure {
|
|
if added[id] {
|
|
continue
|
|
}
|
|
suites = append(suites, id)
|
|
added[id] = true
|
|
}
|
|
default:
|
|
cipher := strings.ToUpper(c)
|
|
id, ok := tlsCipherMapSecure[cipher]
|
|
if !ok {
|
|
idInsecure, ok := tlsCipherMapInsecure[cipher]
|
|
if !ok {
|
|
return nil, fmt.Errorf("%q %w", cipher, ErrCipherUnsupported)
|
|
}
|
|
id = idInsecure
|
|
}
|
|
if added[id] {
|
|
continue
|
|
}
|
|
suites = append(suites, id)
|
|
added[id] = true
|
|
}
|
|
}
|
|
|
|
return suites, nil
|
|
}
|
|
|
|
// ParseTLSVersion returns a `uint16` by received version string key that represents tls version from crypto/tls.
|
|
// If version isn't supported ParseTLSVersion returns 0 with error
|
|
func ParseTLSVersion(version string) (uint16, error) {
|
|
if v, ok := tlsVersionMap[version]; ok {
|
|
return v, nil
|
|
}
|
|
|
|
available := make([]string, 0, len(tlsVersionMap))
|
|
for n := range tlsVersionMap {
|
|
available = append(available, n)
|
|
}
|
|
sort.Strings(available)
|
|
return 0, fmt.Errorf("unsupported version %q (available: %s)", version, strings.Join(available, ","))
|
|
}
|