修改dtls加密套件

2023-10-17 16:30:45 +08:00 · 2023-10-17 16:30:45 +08:00 · a9ad21b3b5
parent 43ca09e985
commit a9ad21b3b5
3 changed files with 8 additions and 10 deletions
--- a/server/handler/dtls.go
+++ b/server/handler/dtls.go
@ -34,12 +34,12 @@ func startDtls() {
 		certificate tls.Certificate
 	)

-	//rsa 兼容 open connect
+	// rsa 兼容 open connect
 	if dtlsSigneType == dtlsSigneRsa {
 		priv, _ := rsa.GenerateKey(rand.Reader, 2048)
 		certificate, err = selfsign.SelfSign(priv)
 	}
-	//ecdsa
+	// ecdsa
 	if dtlsSigneType == dtlsSigneEcdsa {
 		certificate, err = selfsign.GenerateSelfSigned()
 	}
@ -49,15 +49,14 @@ func startDtls() {

 	logf := logging.NewDefaultLoggerFactory()
 	logf.Writer = base.GetBaseLw()
-	//logf.DefaultLogLevel = logging.LogLevelTrace
+	// logf.DefaultLogLevel = logging.LogLevelTrace
 	logf.DefaultLogLevel = logging.LogLevelInfo

 	// https://github.com/pion/dtls/pull/369
 	sessStore := &sessionStore{}

 	config := &dtls.Config{
-		Certificates: []tls.Certificate{certificate},
-		//InsecureSkipVerify:   true,
+		Certificates:         []tls.Certificate{certificate},
 		ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
 		CipherSuites: []dtls.CipherSuiteID{
 			dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@ -132,10 +131,10 @@ func checkDtls12Ciphersuite(ciphersuite string) string {

 	return "ECDHE-RSA-AES256-GCM-SHA384"

-	//var str2ciphersuite = map[string]dtls.CipherSuiteID{
+	// var str2ciphersuite = map[string]dtls.CipherSuiteID{
 	//	"ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 	//	"ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 	//	"ECDHE-RSA-AES256-GCM-SHA384":   dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 	//	"ECDHE-RSA-AES128-GCM-SHA256":   dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	//}
+	// }
 }
--- a/server/handler/link_tunnel.go
+++ b/server/handler/link_tunnel.go
@ -92,9 +92,9 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {

 	base.Debug(cSess.IpAddr, cSess.MacHw, sess.Username, mobile)

-	//检测密码套件
+	// 检测密码套件
 	dtlsCiphersuite := checkDtls12Ciphersuite(r.Header.Get("X-Dtls12-Ciphersuite"))
-	base.Debug("dtlsCiphersuite", dtlsCiphersuite)
+	base.Trace("dtlsCiphersuite", dtlsCiphersuite)

 	// 压缩
 	if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
--- a/server/handler/server.go
+++ b/server/handler/server.go
@ -54,7 +54,6 @@ func startTls() {
 			base.Trace("GetCertificate", chi.ServerName)
 			return dbdata.GetCertificateBySNI(chi.ServerName)
 		},
-		// InsecureSkipVerify: true,
 	}
 	srv := &http.Server{
 		Addr:         addr,