We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Based on my tests with ssllabs.com I only get downgrade attack prevention with TLS_FALLBACK_SCSV if I set MaxVersion in my tls.Config.
TLS_FALLBACK_SCSV
MaxVersion
tls.Config
I tried it with TLS_FALLBACK_SCSV as first and as the last entry of my cipher suites but without any luck.
Here my server code
config := &tls.Config{ MinVersion: tls.VersionTLS11, MaxVersion: tls.VersionTLS12, CipherSuites: []uint16{ tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, tls.TLS_RSA_WITH_AES_128_CBC_SHA, tls.TLS_RSA_WITH_AES_256_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, }, PreferServerCipherSuites: true, ClientSessionCache: tls.NewLRUClientSessionCache(128), } server := &http.Server{Addr: ":4000", Handler: nil, TLSConfig: config} http2.ConfigureServer(server, nil) log.Printf("Staring webserver ...") go http.ListenAndServe(":3000", nil) server.ListenAndServeTLS(TLS_PUBLIC_KEY, TLS_PRIVATE_KEY)
The text was updated successfully, but these errors were encountered:
This was fixed in 1965b03 which will be included in the 1.5 release.
Sorry, something went wrong.
No branches or pull requests
Based on my tests with ssllabs.com I only get downgrade attack prevention with
TLS_FALLBACK_SCSV
if I setMaxVersion
in mytls.Config
.I tried it with
TLS_FALLBACK_SCSV
as first and as the last entry of my cipher suites but without any luck.Here my server code
The text was updated successfully, but these errors were encountered: