package tlsutil
import (
"crypto/tls"
"github.com/smallstep/cli/crypto/x509util"
)
// TLSOptions holds the TLS settings that can be applied to a *tls.Config when
// configuring HTTPS servers and clients. It is populated from configuration
// under the "cipherSuites", "minVersion", "maxVersion" and "renegotiation"
// keys.
//
// NOTE(review): nothing in this file validates these fields. What Value()
// yields for an unset field is decided in x509util, which is not visible
// here; confirm that an omitted field falls back to the crypto/tls defaults
// rather than to a weak protocol version or cipher suite.
type TLSOptions struct {
	// CipherSuites is the list of cipher suites handed to tls.Config.
	CipherSuites x509util.CipherSuites `json:"cipherSuites" step:"cipherSuites"`
	// MinVersion is the lowest TLS protocol version handed to tls.Config.
	MinVersion x509util.TLSVersion `json:"minVersion" step:"minVersion"`
	// MaxVersion is the highest TLS protocol version handed to tls.Config.
	MaxVersion x509util.TLSVersion `json:"maxVersion" step:"maxVersion"`
	// Renegotiation selects tls.RenegotiateFreelyAsClient when true and
	// tls.RenegotiateNever when false (see TLSConfig). Leave it false unless
	// a specific peer is known to require renegotiation.
	Renegotiation bool `json:"renegotiation" step:"renegotiation"`
}
// TLSConfig builds the *tls.Config equivalent of the TLSOptions.
//
// Renegotiation is disabled (tls.RenegotiateNever) unless t.Renegotiation is
// set, in which case tls.RenegotiateFreelyAsClient is used. That level lets a
// remote server request renegotiation repeatedly, and crypto/tls only honours
// it when the config is used in the client role.
//
// The receiver must be non-nil: t is dereferenced without a check. The
// returned config carries only the four fields set here; every other field of
// tls.Config keeps its zero value.
//
// NOTE(review): MinVersion and MaxVersion are passed through as given; this
// method does not check that MinVersion <= MaxVersion or that the cipher
// suites fit the version range. Such a check, if needed, belongs in the
// caller or in x509util.
func (t *TLSOptions) TLSConfig() *tls.Config {
	// Start from the safe default and opt in only on explicit request.
	reneg := tls.RenegotiateNever
	if t.Renegotiation {
		reneg = tls.RenegotiateFreelyAsClient
	}

	cfg := new(tls.Config)
	cfg.CipherSuites = t.CipherSuites.Value()
	cfg.MinVersion = t.MinVersion.Value()
	cfg.MaxVersion = t.MaxVersion.Value()
	cfg.Renegotiation = reneg
	return cfg
}