30 lines
1.0 KiB
Go
30 lines
1.0 KiB
Go
// cryptopasta - basic cryptography examples
|
|
//
|
|
// Written in 2016 by George Tankersley <george.tankersley@gmail.com>
|
|
//
|
|
// To the extent possible under law, the author(s) have dedicated all copyright
|
|
// and related and neighboring rights to this software to the public domain
|
|
// worldwide. This software is distributed without any warranty.
|
|
//
|
|
// You should have received a copy of the CC0 Public Domain Dedication along
|
|
// with this software. If not, see // <http://creativecommons.org/publicdomain/zero/1.0/>.
|
|
|
|
// Provides a recommended TLS configuration.
|
|
package cryptopasta
|
|
|
|
import "crypto/tls"
|
|
|
|
func DefaultTLSConfig() *tls.Config {
|
|
return &tls.Config{
|
|
// Avoids most of the memorably-named TLS attacks
|
|
MinVersion: tls.VersionTLS12,
|
|
// Causes servers to use Go's default ciphersuite preferences,
|
|
// which are tuned to avoid attacks. Does nothing on clients.
|
|
PreferServerCipherSuites: true,
|
|
// Only use curves which have constant-time implementations
|
|
CurvePreferences: []tls.CurveID{
|
|
tls.CurveP256,
|
|
},
|
|
}
|
|
}
|