Golang : Use modern ciphers only in secure connection
Problem:
You want to configure your Golang program to establish secure connection with "modern" type of ciphers and exclude the "obsolete" ciphers such as Triple DES standard - TLS_RSA_WITH_3DES_EDE_CBC_SHA
Solution:
The configuration in crypto/tls
(see https://golang.org/src/crypto/tls/cipher_suites.go) includes Triple DES ciphers and we can override the configuration in our code to only use "modern" type of ciphers and discard "obsolete" ciphers.
For example, from the code fragments taken from https://www.socketloop.com/references/golang-crypto-tls-config-type-example
config := tls.Config{Certificates : []tls.Certificate{certificate}, ClientAuth: tls.RequireAnyClientCert}
config.CipherSuites = []uint16{
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}
To list out the type of ciphers in use... use this code fragment:
for s := range config.CipherSuites {
ciphersuit := &config.CipherSuites[s]
fmt.Printf("Config.CipherSuite %d : %s\n", s, ciphersuit)
}
Happy coding!
References:
https://golang.org/pkg/crypto/tls/#pkg-constants
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
https://www.socketloop.com/references/golang-crypto-tls-config-type-example
See also : Google Chrome : Your connection to website is encrypted with obsolete cryptography
By Adam Ng
IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.
Advertisement
Tutorials
+10.2k Golang : Flip coin example
+13k Golang : Verify token from Google Authenticator App
+9.8k Golang : Embed secret text string into binary(executable) file
+13.6k Golang : Fix cannot use buffer (type bytes.Buffer) as type io.Writer(Write method has pointer receiver) error
+37.3k Golang : Comparing date or timestamp
+11.8k Golang : Get month name from date example
+12.8k Golang : Increment string example
+27.8k Get file path of temporary file in Go
+6.7k Golang : A simple forex opportunities scanner
+17.5k Golang : Put UTF8 text on OpenCV video capture image frame
+22.2k Golang : Strings to lowercase and uppercase example
+10.3k Golang : Simple File Server