添加 DTLS12-CipherSuite 筛选

server/handler/dtls.go

@@ -8,6 +8,7 @@ import (
 	"encoding/hex"
 	"errors"
 	"net"
+	"strings"
 	"time"
 
 	"github.com/bjdgyc/anylink/base"
@@ -60,7 +61,9 @@ func startDtls() {
 		ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
 		CipherSuites: []dtls.CipherSuiteID{
 			dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 			dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 		},
 		LoggerFactory: logf,
 		MTU:           BufferSize,
@@ -124,17 +127,35 @@ func (ms *sessionStore) Del(key []byte) error {
 	return nil
 }
 
+// 客户端和服务端映射 X-DTLS12-CipherSuite
+var dtlsECDSA = map[string]dtls.CipherSuiteID{
+	"ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+	"ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+}
+
+var dtlsRSA = map[string]dtls.CipherSuiteID{
+	"ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+	"ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+}
+
 func checkDtls12Ciphersuite(ciphersuite string) string {
+	csArr := strings.Split(ciphersuite, ",")
+
 	if dtlsSigneType == dtlsSigneEcdsa {
+		for _, v := range csArr {
+			if _, ok := dtlsECDSA[v]; ok {
+				return v
+			}
+		}
+		// 返回默认值
 		return "ECDHE-ECDSA-AES256-GCM-SHA384"
 	}
 
+	for _, v := range csArr {
+		if _, ok := dtlsRSA[v]; ok {
+			return v
+		}
+	}
+	// 返回默认值
 	return "ECDHE-RSA-AES256-GCM-SHA384"
-
-	// var str2ciphersuite = map[string]dtls.CipherSuiteID{
-	//	"ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	//	"ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-	//	"ECDHE-RSA-AES256-GCM-SHA384":   dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	//	"ECDHE-RSA-AES128-GCM-SHA256":   dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	// }
 }