7x31
/
anylink
mirror of https://github.com/bjdgyc/anylink.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

添加 DTLS12-CipherSuite 筛选

This commit is contained in:
bjdgyc 2023-11-09 10:52:10 +08:00
parent 9e1969e3d0
commit aa2b89855f
1 changed files with 21 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
server/handler/dtls.go
View File

@ -59,12 +59,15 @@ func startDtls() {
config := &dtls.Config{ config := &dtls.Config{
Certificates: []tls.Certificate{certificate}, Certificates: []tls.Certificate{certificate},
ExtendedMasterSecret: dtls.DisableExtendedMasterSecret, ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
CipherSuites: []dtls.CipherSuiteID{ CipherSuites: func() []dtls.CipherSuiteID {
dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, var cs = []dtls.CipherSuiteID{}
dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, for _, v := range dtlsCipherSuites {
dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, for _, vv := range v {
dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cs = append(cs, vv)
}, }
}
return cs
}(),
LoggerFactory: logf, LoggerFactory: logf,
MTU: BufferSize, MTU: BufferSize,
SessionStore: sessStore, SessionStore: sessStore,
@ -128,22 +131,23 @@ func (ms *sessionStore) Del(key []byte) error {
} }
// 客户端和服务端映射 X-DTLS12-CipherSuite // 客户端和服务端映射 X-DTLS12-CipherSuite
var dtlsECDSA = map[string]dtls.CipherSuiteID{ var dtlsCipherSuites = map[string]map[string]dtls.CipherSuiteID{
"ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "ECDSA": {
"ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
} "ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
},
var dtlsRSA = map[string]dtls.CipherSuiteID{ "RSA": {
"ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
"ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
},
} }
func checkDtls12Ciphersuite(ciphersuite string) string { func checkDtls12Ciphersuite(ciphersuite string) string {
csArr := strings.Split(ciphersuite, ",") csArr := strings.Split(ciphersuite, ",")
// ECDSA
if dtlsSigneType == dtlsSigneEcdsa { if dtlsSigneType == dtlsSigneEcdsa {
for _, v := range csArr { for _, v := range csArr {
if _, ok := dtlsECDSA[v]; ok { if _, ok := dtlsCipherSuites["ECDSA"][v]; ok {
return v return v
} }
} }
@ -152,7 +156,7 @@ func checkDtls12Ciphersuite(ciphersuite string) string {
} }
for _, v := range csArr { for _, v := range csArr {
if _, ok := dtlsRSA[v]; ok { if _, ok := dtlsCipherSuites["RSA"][v]; ok {
return v return v
} }
} }