mirror of https://github.com/dexidp/dex.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
29 lines
1.0 KiB
29 lines
1.0 KiB
// cryptopasta - basic cryptography examples |
|
// |
|
// Written in 2016 by George Tankersley <george.tankersley@gmail.com> |
|
// |
|
// To the extent possible under law, the author(s) have dedicated all copyright |
|
// and related and neighboring rights to this software to the public domain |
|
// worldwide. This software is distributed without any warranty. |
|
// |
|
// You should have received a copy of the CC0 Public Domain Dedication along |
|
// with this software. If not, see // <http://creativecommons.org/publicdomain/zero/1.0/>. |
|
|
|
// Provides a recommended TLS configuration. |
|
package cryptopasta |
|
|
|
import "crypto/tls" |
|
|
|
func DefaultTLSConfig() *tls.Config { |
|
return &tls.Config{ |
|
// Avoids most of the memorably-named TLS attacks |
|
MinVersion: tls.VersionTLS12, |
|
// Causes servers to use Go's default ciphersuite preferences, |
|
// which are tuned to avoid attacks. Does nothing on clients. |
|
PreferServerCipherSuites: true, |
|
// Only use curves which have constant-time implementations |
|
CurvePreferences: []tls.CurveID{ |
|
tls.CurveP256, |
|
}, |
|
} |
|
}
|
|
|