7x31/anylink
1
0
Fork 0
mirror of https://github.com/bjdgyc/anylink.git synced 2025-08-07 21:54:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

修复 CVE-2016-2183

Browse Source
This commit is contained in:
bjdgyc
2022-04-07 15:11:14 +08:00
parent 500a11612c
commit 2b580067a2
3 changed files with 41 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
server/admin/server.go
View File

@@ -2,6 +2,7 @@
package admin
import (
"crypto/tls"
"embed"
"net/http"
"net/http/pprof"
@@ -69,7 +70,25 @@ func StartAdmin() {
}
base.Info("Listen admin", base.Cfg.AdminAddr)
err := http.ListenAndServeTLS(base.Cfg.AdminAddr, base.Cfg.CertFile, base.Cfg.CertKey, r)
// 修复 CVE-2016-2183
cipherSuites := tls.CipherSuites()
selectedCipherSuites := make([]uint16, 0, len(cipherSuites))
for _, s := range cipherSuites {
selectedCipherSuites = append(selectedCipherSuites, s.ID)
}
// 设置tls信息
tlsConfig := &tls.Config{
NextProtos: []string{"http/1.1"},
MinVersion: tls.VersionTLS12,
CipherSuites: selectedCipherSuites,
}
srv := &http.Server{
Addr: base.Cfg.AdminAddr,
Handler: r,
TLSConfig: tlsConfig,
}
err := srv.ListenAndServeTLS(base.Cfg.CertFile, base.Cfg.CertKey)
if err != nil {
base.Fatal(err)
}