修改dtls加密套件

server/handler/dtls.go

@@ -57,7 +57,6 @@ func startDtls() {
 
 	config := &dtls.Config{
 		Certificates:         []tls.Certificate{certificate},
-		//InsecureSkipVerify:   true,
 		ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
 		CipherSuites: []dtls.CipherSuiteID{
 			dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,

server/handler/link_tunnel.go

@@ -94,7 +94,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 
 	// 检测密码套件
 	dtlsCiphersuite := checkDtls12Ciphersuite(r.Header.Get("X-Dtls12-Ciphersuite"))
-	base.Debug("dtlsCiphersuite", dtlsCiphersuite)
+	base.Trace("dtlsCiphersuite", dtlsCiphersuite)
 
 	// 压缩
 	if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {

server/handler/server.go

@@ -54,7 +54,6 @@ func startTls() {
 			base.Trace("GetCertificate", chi.ServerName)
 			return dbdata.GetCertificateBySNI(chi.ServerName)
 		},
-		// InsecureSkipVerify: true,
 	}
 	srv := &http.Server{
 		Addr:         addr,