From 9e1969e3d07177325937178a0dd9653a0ff3f15a Mon Sep 17 00:00:00 2001
From: bjdgyc
Date: Wed, 8 Nov 2023 18:07:32 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20DTLS12-CipherSuite=20?= =?UTF-8?q?=E7=AD=9B=E9=80=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/handler/dtls.go | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/server/handler/dtls.go b/server/handler/dtls.go
index 41fcbe7..960ab37 100644
--- a/server/handler/dtls.go
+++ b/server/handler/dtls.go
@@ -8,6 +8,7 @@ import (
 "encoding/hex"
 "errors"
 "net"
+ "strings"
 "time"
 
 "github.com/bjdgyc/anylink/base"
@@ -60,7 +61,9 @@ func startDtls() {
 ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
 CipherSuites: []dtls.CipherSuiteID{
 dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 },
 LoggerFactory: logf,
 MTU: BufferSize,
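Review bot: The four entries in `CipherSuites` are now a second copy of the suites listed as values in `dtlsECDSA` and `dtlsRSA` (added later in this patch), and nothing in the visible code ties the two together, so a suite can be added in one place and forgotten in the other. As far as the patch shows, the listener also accepts all four suites whatever `checkDtls12Ciphersuite` returned to the client, so the header choice does not by itself restrict what the DTLS handshake negotiates. I would at least add `// keep in sync with dtlsECDSA / dtlsRSA (X-DTLS12-CipherSuite mapping)` above the list, or build the slice from the two maps. The body of `startDtls` starts and ends outside this hunk.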
@@ -124,17 +127,35 @@ func (ms *sessionStore) Del(key []byte) error { return nil } +// 客户端和服务端映射 X-DTLS12-CipherSuite +var dtlsECDSA = map[string]dtls.CipherSuiteID{ + "ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + "ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, +} + +var dtlsRSA = map[string]dtls.CipherSuiteID{ + "ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + "ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, +} + func checkDtls12Ciphersuite(ciphersuite string) string { + csArr := strings.Split(ciphersuite, ",") + if dtlsSigneType == dtlsSigneEcdsa { + for _, v := range csArr { + if _, ok := dtlsECDSA[v]; ok { + return v + } + } + // 返回默认值 return "ECDHE-ECDSA-AES256-GCM-SHA384" } + for _, v := range csArr { + if _, ok := dtlsRSA[v]; ok { + return v + } + } + // 返回默认值 return "ECDHE-RSA-AES256-GCM-SHA384" - - // var str2ciphersuite = map[string]dtls.CipherSuiteID{ - // "ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - // "ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - // "ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - // "ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - // } }
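Review bot: `checkDtls12Ciphersuite` matches the client-supplied header entries exactly after `strings.Split(ciphersuite, ",")`, so an entry with surrounding whitespace, or a list using a different separator, never matches and the function silently returns the AES256 default even though the client may not have offered it. Confirm the separator the client actually sends (OpenSSL-style cipher lists are colon-separated) and normalise each entry, e.g. `v = strings.TrimSpace(v)` before the map lookup; logging the no-match case would make a later handshake failure diagnosable. The values of `dtlsECDSA`/`dtlsRSA` are never read here, so either `map[string]struct{}` would state the intent or the values should be what configures the listener. The two Chinese comments would read better for outside reviewers as `// maps X-DTLS12-CipherSuite header names to DTLS cipher suite IDs` and `// fall back to the default suite`.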