Golang : Use TLS version 1.2 and enforce server security configuration over client


6662 views 30th December 2015

Tags : golang version-tls12 prefer-server-cipher-suites min-version max-version

Problem:

You want to force your Golang program to use TLS(Transport Layer Security) protocol version 1.2 only and use server TLS configuration instead of client. How to do that?

Solution:

Set the MinVersion, MaxVersion parameters to tls.VersionTLS12 and PreferServerCipherSuites to true. Setting PreferServerCipherSuites will force client to use server TLS configuration.

 config.MinVersion = tls.VersionTLS12 
 config.MaxVersion = tls.VersionTLS12
 config.PreferServerCipherSuites = true

For example:

 config := tls.Config{Certificates : []tls.Certificate{certificate}, ClientAuth: tls.RequireAnyClientCert}

 config.CipherSuites = []uint16{
 tls.TLS_RSA_WITH_AES_256_CBC_SHA,
 tls.TLS_RSA_WITH_AES_128_CBC_SHA,
 tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
 tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
 tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}

 config.MinVersion = tls.VersionTLS12 
 config.MaxVersion = tls.VersionTLS12
 config.PreferServerCipherSuites = true

References:

https://golang.org/pkg/crypto/tls/#pkg-constants

http://stackoverflow.com/questions/21562269/golang-how-to-specify-certificate-in-tls-config-for-http-client

Affiliate :

Hire Golang Developers

  See also : Golang : Use modern ciphers only in secure connection



Tags : golang version-tls12 prefer-server-cipher-suites min-version max-version

By Adam Ng

IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.


Advertisement

Tutorials

+4.7k Golang : Wait and sync.WaitGroup example


+5.8k Golang : Get URI segments by number and assign as variable example


+1.2k Golang : Rot13 and Rot5 algorithms example


+6.6k Golang : Use TLS version 1.2 and enforce server security configuration over client


+2.3k Golang : Convert IPv4 address to packed 32-bit binary format


+11.8k Golang : Securing password with salt


+5.4k Golang : Put UTF8 text on OpenCV video capture image frame


+13.1k Google Chrome : Your connection to website is encrypted with obsolete cryptography


+4.7k Golang : Get timezone offset from date or timestamp


+3.4k SSL : How to check if current certificate is sha1 or sha2 from command line


+4.1k Golang : Convert IP version 6 address to integer or decimal number


+1.8k Generate salted password with OpenSSL example