dispatch/server/tls.go

package server

import (
	"crypto/tls"
	"os"

	"github.com/klauspost/cpuid"
)

func getCipherSuites() []uint16 {
	if cpuid.CPU.AesNi() {
		return []uint16{
			tls.TLS_FALLBACK_SCSV,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		}
	}

	return []uint16{
		tls.TLS_FALLBACK_SCSV,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
}

func (d *Dispatch) certExists() bool {
	cfg := d.Config().HTTPS

	if cfg.Cert == "" || cfg.Key == "" {
		return false
	}

	if _, err := os.Stat(cfg.Cert); err != nil {
		return false
	}
	if _, err := os.Stat(cfg.Key); err != nil {
		return false
	}

	return true
}
Let's Encrypt 2016-01-04 18:26:32 +00:00			`package server`

			`import (`
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`"crypto/tls"`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`"os"`
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00
			`"github.com/klauspost/cpuid"`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`)`

Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`func getCipherSuites() []uint16 {`
			`if cpuid.CPU.AesNi() {`
			`return []uint16{`
			`tls.TLS_FALLBACK_SCSV,`
			`tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,`
			`tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,`
			`tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,`
			`tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,`
			`tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,`
			`tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,`
			`}`
			`}`

			`return []uint16{`
			`tls.TLS_FALLBACK_SCSV,`
			`tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,`
			`tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,`
			`tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,`
			`tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,`
			`tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,`
			`tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}`
			`}`

Pass in config struct 2018-12-11 09:51:20 +00:00			`func (d *Dispatch) certExists() bool {`
			`cfg := d.Config().HTTPS`
Let's Encrypt 2016-01-04 18:26:32 +00:00
Pass in config struct 2018-12-11 09:51:20 +00:00			`if cfg.Cert == "" \|\| cfg.Key == "" {`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`return false`
			`}`

Pass in config struct 2018-12-11 09:51:20 +00:00			`if _, err := os.Stat(cfg.Cert); err != nil {`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`return false`
			`}`
Pass in config struct 2018-12-11 09:51:20 +00:00			`if _, err := os.Stat(cfg.Key); err != nil {`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`return false`
			`}`

			`return true`
			`}`