luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Remove TLS prefer server cipher suites configuration option due to deprecation in go 1.17. (#13084)

This commit is contained in:
Matt Schultz 2021-11-08 14:31:59 -06:00 committed by GitHub
parent d89c7b3d7e
commit 6fadf30a79
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
internalshared/configutil/listener.go
View File

@ -55,8 +55,6 @@ type Listener struct {
TLSMaxVersion string `hcl:"tls_max_version"` TLSMaxVersion string `hcl:"tls_max_version"`
TLSCipherSuites []uint16 `hcl:"-"` TLSCipherSuites []uint16 `hcl:"-"`
TLSCipherSuitesRaw string `hcl:"tls_cipher_suites"` TLSCipherSuitesRaw string `hcl:"tls_cipher_suites"`
TLSPreferServerCipherSuites bool `hcl:"-"`
TLSPreferServerCipherSuitesRaw interface{} `hcl:"tls_prefer_server_cipher_suites"`
TLSRequireAndVerifyClientCert bool `hcl:"-"` TLSRequireAndVerifyClientCert bool `hcl:"-"`
TLSRequireAndVerifyClientCertRaw interface{} `hcl:"tls_require_and_verify_client_cert"` TLSRequireAndVerifyClientCertRaw interface{} `hcl:"tls_require_and_verify_client_cert"`
TLSClientCAFile string `hcl:"tls_client_ca_file"` TLSClientCAFile string `hcl:"tls_client_ca_file"`
@ -216,14 +214,6 @@ func ParseListeners(result *SharedConfig, list *ast.ObjectList) error {
} }
} }
if l.TLSPreferServerCipherSuitesRaw != nil {
if l.TLSPreferServerCipherSuites, err = parseutil.ParseBool(l.TLSPreferServerCipherSuitesRaw); err != nil {
return multierror.Prefix(fmt.Errorf("invalid value for tls_prefer_server_cipher_suites: %w", err), fmt.Sprintf("listeners.%d", i))
}
l.TLSPreferServerCipherSuitesRaw = nil
}
if l.TLSRequireAndVerifyClientCertRaw != nil { if l.TLSRequireAndVerifyClientCertRaw != nil {
if l.TLSRequireAndVerifyClientCert, err = parseutil.ParseBool(l.TLSRequireAndVerifyClientCertRaw); err != nil { if l.TLSRequireAndVerifyClientCert, err = parseutil.ParseBool(l.TLSRequireAndVerifyClientCertRaw); err != nil {
return multierror.Prefix(fmt.Errorf("invalid value for tls_require_and_verify_client_cert: %w", err), fmt.Sprintf("listeners.%d", i)) return multierror.Prefix(fmt.Errorf("invalid value for tls_require_and_verify_client_cert: %w", err), fmt.Sprintf("listeners.%d", i))

1
internalshared/listenerutil/listener.go
View File

@ -104,7 +104,6 @@ PASSPHRASECORRECT:
GetCertificate: cg.GetCertificate, GetCertificate: cg.GetCertificate,
NextProtos: []string{"h2", "http/1.1"}, NextProtos: []string{"h2", "http/1.1"},
ClientAuth: tls.RequestClientCert, ClientAuth: tls.RequestClientCert,
PreferServerCipherSuites: l.TLSPreferServerCipherSuites,
} }
if l.TLSMinVersion == "" { if l.TLSMinVersion == "" {