A snippet of Go code for serving HTML pages and WebSockets over TLS (secure WebSockets, wss://). This implementation avoids the ECDHE cipher suites (misspelled "EDHC" throughout the code) that the net/http package offers in its default cipher suite list, because of how they performed in Go at the time (2013). See the golang-nuts thread here for more info: https://groups.google.com/forum/?fromgroups=#!topic/golang-nuts/QTDzrcDQmmw — Caveat for anyone reusing this: the replacement suites use static RSA key exchange, which has no forward secrecy, and the list includes RC4, which has since been prohibited for TLS (RFC 7465). Re-measure before preferring this over Go's defaults. Note also that the snippet omits its `package main` clause.
import (
"log"
"net/http"
"crypto/tls"
"net"
"code.google.com/p/go.net/websocket"
)
// Server configuration.
// NOTE(review): the key pair lives under /root and the listener uses port 443,
// which typically implies running as root; a dedicated user with read access
// to the key only would be the more conservative deployment.
const (
	tlsListenAddress string = ":443"           // TLS listen address (address:port)
	tlsCertLocation  string = "/root/cert.pem" // PEM certificate (chain)
	tlsKeyLocation   string = "/root/key.pem"  // PEM private key matching the certificate
)
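// main registers the HTML test page and the WebSocket endpoint on the default
// mux and serves them over TLS. tlsHtmlTestPageHandler and socketHandler are
// defined elsewhere in the program.
func main() {
	http.HandleFunc("/tls", tlsHtmlTestPageHandler)               // Serving an HTML page.
	http.Handle("/wss", websocket.Handler(socketHandler)) // Serving a websockets connection.

	// A nil handler selects http.DefaultServeMux, where the routes above live.
	// Failing to load the key pair or bind the port means the server never
	// started, so exit non-zero rather than logging and returning success.
	if err := ListenAndServeTLSNoEDHC(tlsListenAddress, tlsCertLocation, tlsKeyLocation, nil); err != nil {
		log.Fatal(err)
	}
}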
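/*
 * ListenAndServeTLSNoEDHC serves handler (or the default mux when handler is
 * nil) over TLS on address, restricting the offered cipher suites to RSA key
 * exchange so that the ECDHE suites are never negotiated. "EDHC" in the name
 * is a historical misspelling of ECDHE, kept because callers reference it.
 *
 * Parameters:
 *   address  - listen address ("host:port"); ":https" when empty.
 *   certFile - PEM certificate (chain).
 *   keyFile  - PEM private key matching certFile.
 *   handler  - http.Handler to serve; nil means http.DefaultServeMux.
 *
 * Returns the error from loading the key pair, from binding the listener, or
 * from Serve (which per net/http's docs always returns non-nil and closes the
 * listener).
 *
 * Security notes:
 *   - TLS_RSA_WITH_RC4_128_SHA, previously offered here, is dropped: RC4 is
 *     prohibited for TLS by RFC 7465.
 *   - Static RSA key exchange has no forward secrecy: anyone who later obtains
 *     keyFile can decrypt recorded sessions. The ECDHE performance concern
 *     that motivated this dates from 2013; re-measure before preferring it
 *     over crypto/tls defaults.
 *   - Per crypto/tls docs, CipherSuites does not apply to TLS 1.3, so TLS 1.3
 *     clients will negotiate an (EC)DHE key exchange regardless.
 */
func ListenAndServeTLSNoEDHC(address string, certFile string, keyFile string, handler http.Handler) error {
	// Load the key pair before binding so a bad certificate path fails without
	// ever opening the port.
	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return err
	}

	config := &tls.Config{
		Certificates: []tls.Certificate{cert},
		NextProtos:   []string{"http/1.1"},
		// RSA key exchange only (no ECDHE), without RC4. The AEAD suite is
		// preferred; AES-CBC-SHA remains as a fallback for clients without GCM.
		CipherSuites: []uint16{
			tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
		},
		// TLS 1.0 and 1.1 are deprecated (RFC 8996); refuse them.
		MinVersion: tls.VersionTLS12,
	}

	srv := &http.Server{Addr: address, Handler: handler}
	addr := srv.Addr
	if addr == "" {
		addr = ":https"
	}
	ln, err := net.Listen("tcp", addr)
	if err != nil {
		return err
	}
	// NOTE(review): no ReadHeaderTimeout is set, so slow clients can hold
	// connections open indefinitely during the header phase — confirm whether
	// that is acceptable for this deployment.
	return srv.Serve(tls.NewListener(ln, config))
}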