Golang : Use modern ciphers only in secure connection

Problem:

You want to configure your Golang program to establish secure connection with "modern" type of ciphers and exclude the "obsolete" ciphers such as Triple DES standard - TLS_RSA_WITH_3DES_EDE_CBC_SHA

Solution:

The configuration in crypto/tls (see https://golang.org/src/crypto/tls/cipher_suites.go) includes Triple DES ciphers and we can override the configuration in our code to only use "modern" type of ciphers and discard "obsolete" ciphers.

For example, from the code fragments taken from https://www.socketloop.com/references/golang-crypto-tls-config-type-example

 config := tls.Config{Certificates : []tls.Certificate{certificate}, ClientAuth: tls.RequireAnyClientCert}

 config.CipherSuites = []uint16{
 tls.TLS_RSA_WITH_AES_256_CBC_SHA,
 tls.TLS_RSA_WITH_AES_128_CBC_SHA,
 tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
 tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
 tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}

To list out the type of ciphers in use... use this code fragment:

 for s := range config.CipherSuites {
 ciphersuit := &config.CipherSuites[s]
 fmt.Printf("Config.CipherSuite %d : %s\n", s, ciphersuit)
 }

Happy coding!

References:

https://golang.org/pkg/crypto/tls/#pkg-constants

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

https://www.socketloop.com/tutorials/google-chrome-your-connection-to-website-is-encrypted-with-obsolete-cryptography

https://www.socketloop.com/references/golang-crypto-tls-config-type-example