A snippet of Go code for serving HTML pages and WebSockets over TLS (Secure WebSockets).
This implementation avoids using the poorly performing ECDHE ciphers which the HTTP package uses as part of its default cipher suite. See the golang-nuts thread here for more info:
https://groups.google.com/forum/?fromgroups=#!topic/golang-nuts/QTDzrcDQmmw
import ( | |
"log" | |
"net/http" | |
"crypto/tls" | |
"net" | |
"code.google.com/p/go.net/websocket" | |
) | |
// Server configuration. The listen address is host:port; an empty host binds all interfaces.
const (
	tlsListenAddress = ":443"          // Address the TLS listener binds to (address:port).
	tlsCertLocation  = "/root/cert.pem" // PEM-encoded server certificate (chain).
	tlsKeyLocation   = "/root/key.pem"  // PEM-encoded private key; keep this file readable only by the service user.
)
// main registers the HTML test page and the websocket endpoint on the default mux,
// then serves both over TLS. A nil handler is passed so http.DefaultServeMux is used.
func main() {
	http.HandleFunc("/tls", tlsHtmlTestPageHandler)       // Serving an HTML page.
	http.Handle("/wss", websocket.Handler(socketHandler)) // Serving a websockets connection.

	// Serve always returns a non-nil error once the listener stops; log it rather than exit silently.
	if err := ListenAndServeTLSNoEDHC(tlsListenAddress, tlsCertLocation, tlsKeyLocation, nil); err != nil {
		log.Print(err)
	}
}
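/*
 * ListenAndServeTLSNoEDHC is a modified version of ListenAndServeTLS from the Go HTTP
 * package which does not offer the ECDHE (called "EDHC" here) cipher suites.
 *
 * address is the listen address (address:port); an empty string falls back to ":https".
 * certFile and keyFile are PEM files holding the server certificate and private key.
 * handler serves the requests; nil means http.DefaultServeMux, as for http.Server.
 *
 * It returns the error from loading the key pair, from net.Listen, or from srv.Serve
 * (which always returns a non-nil error once the listener stops).
 *
 * Changes from the original gist: the RC4 suite was removed because RC4 is a broken
 * stream cipher that crypto/tls now lists as insecure, and TLS 1.0/1.1 are no longer
 * accepted. NOTE(review): static RSA key exchange provides no forward secrecy and the
 * ECDHE performance concern that motivated this function is from 2013; also, Go does not
 * let CipherSuites restrict TLS 1.3 handshakes, so TLS 1.3 clients will still negotiate
 * ECDHE. Reconsider whether the restriction is still wanted before reusing this.
 */
func ListenAndServeTLSNoEDHC(address string, certFile string, keyFile string, handler http.Handler) error {
	srv := &http.Server{Addr: address, Handler: handler}
	addr := srv.Addr
	if addr == "" {
		addr = ":https"
	}

	// srv was built just above, so srv.TLSConfig is always nil; build the config directly
	// instead of copying a config that cannot exist.
	config := &tls.Config{
		NextProtos: []string{"http/1.1"},
		// TLS 1.0 and 1.1 are deprecated; the suites below are all valid under TLS 1.2.
		MinVersion: tls.VersionTLS12,
		// RSA key-exchange suites only (no ECDHE), per the purpose of this function.
		// See: https://groups.google.com/forum/?fromgroups=#!topic/golang-nuts/QTDzrcDQmmw
		CipherSuites: []uint16{
			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
		},
	}

	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return err
	}
	config.Certificates = []tls.Certificate{cert}

	ln, err := net.Listen("tcp", addr)
	if err != nil {
		return err
	}
	// Serve closes ln when it returns, so no explicit Close is needed here.
	return srv.Serve(tls.NewListener(ln, config))
}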