

Added A grade cipher suite (#282)
HarishH-DELL authored Jun 7, 2024
1 parent fd7cb3b commit 6edc471
Showing 1 changed file with 24 additions and 2 deletions.
26 changes: 24 additions & 2 deletions cmd/sidecar-proxy/main.go
Expand Up @@ -112,6 +112,9 @@ func (pi *ProxyInstance) Start(proxyHost, access, refresh string) error {
pi.rp.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
MinVersion: tls.VersionTLS12,
MaxVersion: tls.VersionTLS13,
CipherSuites: GetSecuredCipherSuites(),
},
}
} else {
Expand All @@ -124,7 +127,9 @@ func (pi *ProxyInstance) Start(proxyHost, access, refresh string) error {
TLSClientConfig: &tls.Config{
RootCAs: pool,
InsecureSkipVerify: false,
MinVersion: tls.VersionTLS13,
MinVersion: tls.VersionTLS12,
MaxVersion: tls.VersionTLS13,
CipherSuites: GetSecuredCipherSuites(),
},
}
}
Expand Down Expand Up @@ -272,6 +277,9 @@ func run(log *logrus.Entry) error {
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{tlsCert},
InsecureSkipVerify: true, // #nosec G402
MinVersion: tls.VersionTLS12,
MaxVersion: tls.VersionTLS13,
CipherSuites: GetSecuredCipherSuites(),
}

var proxyInstances []*ProxyInstance
Expand Down Expand Up @@ -343,6 +351,9 @@ func refreshTokens(proxyHost url.URL, refreshToken string, accessToken *string,
httpClient.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
MinVersion: tls.VersionTLS12,
MaxVersion: tls.VersionTLS13,
CipherSuites: GetSecuredCipherSuites(),
},
}
} else {
Expand All @@ -354,7 +365,9 @@ func refreshTokens(proxyHost url.URL, refreshToken string, accessToken *string,
TLSClientConfig: &tls.Config{
RootCAs: pool,
InsecureSkipVerify: false,
MinVersion: tls.VersionTLS13,
MinVersion: tls.VersionTLS12,
MaxVersion: tls.VersionTLS13,
CipherSuites: GetSecuredCipherSuites(),
},
}
}
Expand Down Expand Up @@ -451,3 +464,12 @@ func getRootCertificatePool(log *logrus.Entry) (*x509.CertPool, error) {
}
return pool, nil
}

// GetSecuredCipherSuites returns a set of secure cipher suites.
func GetSecuredCipherSuites() (suites []uint16) {
securedSuite := tls.CipherSuites()
for _, v := range securedSuite {
suites = append(suites, v.ID)
}
return suites
}
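Review bot: `GetSecuredCipherSuites` at the end of the file returns every ID from `tls.CipherSuites()`, which still lists the static-RSA key-exchange (`TLS_RSA_*`) and CBC-mode suites as well as the TLS 1.3 suites, so assigning it to `CipherSuites` does not narrow anything and, on a Go 1.22+ toolchain where the defaults already drop RSA key exchange, it re-enables non-forward-secret suites; the TLS 1.3 entries are no-ops because that field only governs TLS 1.2 and earlier. An explicit ECDHE/AEAD allowlist (below) matches the "A grade" intent of the title; whether any CBC suite has to stay for a peer depends on what this sidecar talks to, which is not visible here. Separately, the two verified-`RootCAs` transports (hunks at -124 and -354) lower `MinVersion` from `tls.VersionTLS13` to `tls.VersionTLS12`; if that is deliberate for interoperability, a comment such as `// TLS 1.2 permitted for peers that do not yet negotiate 1.3` next to it would record the decision. The doc comment should also state what "secure" means here rather than just "a set of secure cipher suites".

```go
// GetSecuredCipherSuites returns the TLS 1.2 cipher suite IDs this proxy
// offers: ECDHE key exchange with AEAD ciphers only. TLS 1.3 suites are not
// configurable through tls.Config.CipherSuites and are therefore omitted.
func GetSecuredCipherSuites() []uint16 {
	return []uint16{
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
	}
}
```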
