Enhance the cipher suite (#66)

dell · Jun 20, 2024 · bea2330 · bea2330
1 parent 9996b0a
commit bea2330
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/api/api.go b/api/api.go
@@ -267,6 +267,9 @@ func New(
 			c.http.Transport = &http.Transport{
 				TLSClientConfig: &tls.Config{
 					InsecureSkipVerify: true, //nolint:gosec,G402
+					MinVersion:         tls.VersionTLS12,
+					MaxVersion:         tls.VersionTLS13,
+					CipherSuites:       GetSecuredCipherSuites(),
 				},
 			}
 		} else {
@@ -278,6 +281,9 @@ func New(
 				TLSClientConfig: &tls.Config{ //nolint:gosec,G402
 					RootCAs:            pool,
 					InsecureSkipVerify: false,
+					MinVersion:         tls.VersionTLS12,
+					MaxVersion:         tls.VersionTLS13,
+					CipherSuites:       GetSecuredCipherSuites(),
 				},
 			}
 		}
@@ -745,3 +751,12 @@ func FetchValueIndexForKey(l string, match string, sep string) (int, int, int) {
 	}
 	return startIndex, endIndex, len(match)
 }
+
+// GetSecuredCipherSuites returns a set of secure cipher suites.
+func GetSecuredCipherSuites() (suites []uint16) {
+	securedSuite := tls.CipherSuites()
+	for _, v := range securedSuite {
+		suites = append(suites, v.ID)
+	}
+	return suites
+}