From a9ad21b3b583627cf9b4caa61c73a0320dbdc625 Mon Sep 17 00:00:00 2001
From: bjdgyc
Date: Tue, 17 Oct 2023 16:30:45 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9dtls=E5=8A=A0=E5=AF=86?= =?UTF-8?q?=E5=A5=97=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/handler/dtls.go | 13 ++++++-------
 server/handler/link_tunnel.go | 4 ++--
 server/handler/server.go | 1 -
 3 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/server/handler/dtls.go b/server/handler/dtls.go
index 541e9fc..41fcbe7 100644
--- a/server/handler/dtls.go
+++ b/server/handler/dtls.go
@@ -34,12 +34,12 @@ func startDtls() {
 certificate tls.Certificate
 )
- //rsa 兼容 open connect
+ // rsa 兼容 open connect
 if dtlsSigneType == dtlsSigneRsa {
 priv, _ := rsa.GenerateKey(rand.Reader, 2048)
 certificate, err = selfsign.SelfSign(priv)
 }
- //ecdsa
+ // ecdsa
 if dtlsSigneType == dtlsSigneEcdsa {
 certificate, err = selfsign.GenerateSelfSigned()
 }
@@ -49,15 +49,14 @@ func startDtls() {
 logf := logging.NewDefaultLoggerFactory()
 logf.Writer = base.GetBaseLw()
- //logf.DefaultLogLevel = logging.LogLevelTrace
+ // logf.DefaultLogLevel = logging.LogLevelTrace
 logf.DefaultLogLevel = logging.LogLevelInfo
 // https://github.com/pion/dtls/pull/369
 sessStore := &sessionStore{}
 config := &dtls.Config{
- Certificates: []tls.Certificate{certificate},
- //InsecureSkipVerify: true,
+ Certificates: []tls.Certificate{certificate},
 ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
 CipherSuites: []dtls.CipherSuiteID{
 dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
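Review bot: The error from `rsa.GenerateKey(rand.Reader, 2048)` is discarded on the unchanged line inside the rsa branch, so a failed key generation hands a nil `priv` to `selfsign.SelfSign` instead of reaching the error handling that the `certificate, err = ...` assignments feed. Since `err` is assigned with `=` it appears to be declared in the var block above the hunk, so the branch can reuse it: `var priv *rsa.PrivateKey`, `priv, err = rsa.GenerateKey(rand.Reader, 2048)`, `if err == nil { certificate, err = selfsign.SelfSign(priv) }`. startDtls starts before the hunk and continues past it, so the check that consumes `err` is not visible here.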
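Review bot: `ExtendedMasterSecret: dtls.DisableExtendedMasterSecret` in the dtls.Config carries no comment explaining why the extension is turned off; the extended master secret (RFC 7627) binds the session keys to the full handshake transcript, so disabling it is a deliberate weakening that a later maintainer should neither undo nor keep blindly. Presumably it is needed for compatibility with some VPN clients, but the hunk does not say which; a note such as `// extended master secret disabled for client compatibility — TODO confirm which clients require this` would record the trade-off next to the setting. Dropping the commented-out `//InsecureSkipVerify: true` is fine, since that line never took effect. startDtls continues past the hunk, where the rest of the cipher suite list and the listener setup are not visible.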
@@ -132,10 +131,10 @@ func checkDtls12Ciphersuite(ciphersuite string) string {
 return "ECDHE-RSA-AES256-GCM-SHA384"
- //var str2ciphersuite = map[string]dtls.CipherSuiteID{
+ // var str2ciphersuite = map[string]dtls.CipherSuiteID{
 // "ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 // "ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 // "ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 // "ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- //}
+ // }
 }
diff --git a/server/handler/link_tunnel.go b/server/handler/link_tunnel.go
index 185d352..61cf1a1 100644
--- a/server/handler/link_tunnel.go
+++ b/server/handler/link_tunnel.go
@@ -92,9 +92,9 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 base.Debug(cSess.IpAddr, cSess.MacHw, sess.Username, mobile)
- //检测密码套件
+ // 检测密码套件
 dtlsCiphersuite := checkDtls12Ciphersuite(r.Header.Get("X-Dtls12-Ciphersuite"))
- base.Debug("dtlsCiphersuite", dtlsCiphersuite)
+ base.Trace("dtlsCiphersuite", dtlsCiphersuite)
 // 压缩
 if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
diff --git a/server/handler/server.go b/server/handler/server.go
index 06d72d5..e8938e4 100644
--- a/server/handler/server.go
+++ b/server/handler/server.go
@@ -54,7 +54,6 @@ func startTls() {
 base.Trace("GetCertificate", chi.ServerName)
 return dbdata.GetCertificateBySNI(chi.ServerName)
 },
- // InsecureSkipVerify: true,
 }
 srv := &http.Server{
 Addr: addr,
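Review bot: `checkDtls12Ciphersuite` returns the fixed string `"ECDHE-RSA-AES256-GCM-SHA384"` while the lookup map beneath it stays commented out, so in the visible part the `ciphersuite` argument taken from the client header is not consulted; the function begins before the hunk, so any validation done there is not visible. If the returned value is what the client is later told to use (its consumer after the trace line in link_tunnel.go is outside the hunk) and it does not depend on `dtlsSigneType`, it may name a suite the server cannot negotiate when the ECDSA self-signed certificate is in use, since an ECDHE-RSA suite needs an RSA key. A doc comment stating the current contract would help, e.g. `// checkDtls12Ciphersuite returns the DTLS 1.2 cipher suite name reported for the client; the requested value is currently ignored and a fixed suite is returned.` Restoring the commented map as a lookup restricted to the suites configured in startDtls would keep the reported and negotiated suites in agreement.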
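Review bot: After the change `base.Trace("dtlsCiphersuite", dtlsCiphersuite)` records only the value returned by `checkDtls12Ciphersuite`, which in this commit is a constant, so the trace no longer shows what the client actually asked for in `X-Dtls12-Ciphersuite`. Logging the requested header next to the chosen suite, e.g. `base.Trace("dtlsCiphersuite", dtlsCiphersuite, "requested", r.Header.Get("X-Dtls12-Ciphersuite"))`, would make a DTLS handshake mismatch diagnosable from the trace log alone. LinkTunnel begins before the hunk and continues past it.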