7x31
/
anylink
mirror of https://github.com/bjdgyc/anylink.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

添加 DTLS12-CipherSuite 筛选

This commit is contained in:
bjdgyc 2023-11-09 10:52:10 +08:00
parent 9e1969e3d0
commit aa2b89855f
1 changed files with 21 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
server/handler/dtls.go
View File

@ -59,12 +59,15 @@ func startDtls() {
config := &dtls.Config{
Certificates: []tls.Certificate{certificate},
ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
CipherSuites: []dtls.CipherSuiteID{
dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
},
CipherSuites: func() []dtls.CipherSuiteID {
var cs = []dtls.CipherSuiteID{}
for _, v := range dtlsCipherSuites {
for _, vv := range v {
cs = append(cs, vv)
}
}
return cs
}(),
LoggerFactory: logf,
MTU: BufferSize,
SessionStore: sessStore,
@ -128,22 +131,23 @@ func (ms *sessionStore) Del(key []byte) error {
}
// 客户端和服务端映射 X-DTLS12-CipherSuite
var dtlsECDSA = map[string]dtls.CipherSuiteID{
"ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
"ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
}
var dtlsRSA = map[string]dtls.CipherSuiteID{
"ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
"ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
var dtlsCipherSuites = map[string]map[string]dtls.CipherSuiteID{
"ECDSA": {
"ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
"ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
},
"RSA": {
"ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
"ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
},
}
func checkDtls12Ciphersuite(ciphersuite string) string {
csArr := strings.Split(ciphersuite, ",")
// ECDSA
if dtlsSigneType == dtlsSigneEcdsa {
for _, v := range csArr {
if _, ok := dtlsECDSA[v]; ok {
if _, ok := dtlsCipherSuites["ECDSA"][v]; ok {
return v
}
}
@ -152,7 +156,7 @@ func checkDtls12Ciphersuite(ciphersuite string) string {
}
for _, v := range csArr {
if _, ok := dtlsRSA[v]; ok {
if _, ok := dtlsCipherSuites["RSA"][v]; ok {
return v
}
}