rpc: set tls options (#168)

* rpc: set tls options * build: golangci-lint v1.30.0
2020-08-06 08:00:35 +00:00 · 2020-08-06 08:00:35 +00:00 · b8c6ffe1e0
commit b8c6ffe1e0
parent 5e592bb25b
2 changed files with 14 additions and 2 deletions
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@ -15,7 +15,7 @@ jobs:
      - name: Check out source
        uses: actions/checkout@v2
      - name: Install Linters
-        run: "curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.29.0"
+        run: "curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.30.0"
      - name: Build
        env:
          GO111MODULE: "on"
--- a/rpc/client.go
+++ b/rpc/client.go
@ -38,7 +38,19 @@ func setup(user, pass, addr string, cert []byte, n wsrpc.Notifier) *client {
 	// Create TLS options.
 	pool := x509.NewCertPool()
 	pool.AppendCertsFromPEM(cert)
-	tc := &tls.Config{RootCAs: pool}
+	tc := &tls.Config{
+		MinVersion:       tls.VersionTLS12,
+		CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256},
+		CipherSuites: []uint16{ // Only applies to TLS 1.2. TLS 1.3 ciphersuites are not configurable.
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		},
+		RootCAs: pool,
+	}
 	tlsOpt := wsrpc.WithTLSConfig(tc)

 	// Create authentication options.