Golang : Use modern ciphers only in secure connection




Problem:

You want to configure your Golang program to establish secure connection with "modern" type of ciphers and exclude the "obsolete" ciphers such as Triple DES standard - TLS_RSA_WITH_3DES_EDE_CBC_SHA

Solution:

The configuration in crypto/tls (see https://golang.org/src/crypto/tls/cipher_suites.go) includes Triple DES ciphers and we can override the configuration in our code to only use "modern" type of ciphers and discard "obsolete" ciphers.

For example, from the code fragments taken from https://www.socketloop.com/references/golang-crypto-tls-config-type-example

 config := tls.Config{Certificates : []tls.Certificate{certificate}, ClientAuth: tls.RequireAnyClientCert}

 config.CipherSuites = []uint16{
 tls.TLS_RSA_WITH_AES_256_CBC_SHA,
 tls.TLS_RSA_WITH_AES_128_CBC_SHA,
 tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
 tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
 tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}

To list out the type of ciphers in use... use this code fragment:

 for s := range config.CipherSuites {
 ciphersuit := &config.CipherSuites[s]
 fmt.Printf("Config.CipherSuite %d : %s\n", s, ciphersuit)
 }

Happy coding!

References:

https://golang.org/pkg/crypto/tls/#pkg-constants

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

https://www.socketloop.com/tutorials/google-chrome-your-connection-to-website-is-encrypted-with-obsolete-cryptography

https://www.socketloop.com/references/golang-crypto-tls-config-type-example

  See also : Google Chrome : Your connection to website is encrypted with obsolete cryptography





By Adam Ng

IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.


Advertisement