From aa2b89855ff4f4780911afd3e79f9b12189ed888 Mon Sep 17 00:00:00 2001
From: bjdgyc <bjdgyc@163.com>
Date: Thu, 9 Nov 2023 10:52:10 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20DTLS12-CipherSuite=20?=
 =?UTF-8?q?=E7=AD=9B=E9=80=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/handler/dtls.go | 38 +++++++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/server/handler/dtls.go b/server/handler/dtls.go
index 960ab37..12667dc 100644
--- a/server/handler/dtls.go
+++ b/server/handler/dtls.go
@@ -59,12 +59,15 @@ func startDtls() {
 	config := &dtls.Config{
 		Certificates:         []tls.Certificate{certificate},
 		ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
-		CipherSuites: []dtls.CipherSuiteID{
-			dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-			dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-			dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-			dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-		},
+		CipherSuites: func() []dtls.CipherSuiteID {
+			var cs = []dtls.CipherSuiteID{}
+			for _, v := range dtlsCipherSuites {
+				for _, vv := range v {
+					cs = append(cs, vv)
+				}
+			}
+			return cs
+		}(),
 		LoggerFactory: logf,
 		MTU:           BufferSize,
 		SessionStore:  sessStore,
@@ -128,22 +131,23 @@ func (ms *sessionStore) Del(key []byte) error {
 }
 
 // 客户端和服务端映射 X-DTLS12-CipherSuite
-var dtlsECDSA = map[string]dtls.CipherSuiteID{
-	"ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	"ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-}
-
-var dtlsRSA = map[string]dtls.CipherSuiteID{
-	"ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	"ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+var dtlsCipherSuites = map[string]map[string]dtls.CipherSuiteID{
+	"ECDSA": {
+		"ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		"ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+	},
+	"RSA": {
+		"ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		"ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+	},
 }
 
 func checkDtls12Ciphersuite(ciphersuite string) string {
 	csArr := strings.Split(ciphersuite, ",")
-
+	// ECDSA
 	if dtlsSigneType == dtlsSigneEcdsa {
 		for _, v := range csArr {
-			if _, ok := dtlsECDSA[v]; ok {
+			if _, ok := dtlsCipherSuites["ECDSA"][v]; ok {
 				return v
 			}
 		}
@@ -152,7 +156,7 @@ func checkDtls12Ciphersuite(ciphersuite string) string {
 	}
 
 	for _, v := range csArr {
-		if _, ok := dtlsRSA[v]; ok {
+		if _, ok := dtlsCipherSuites["RSA"][v]; ok {
 			return v
 		}
 	}