Merge pull request #52 from dell/cipherSuiteEnhancement

Enhancing cipher suite
dell · Jun 18, 2024 · 2cc3b38 · 2cc3b38
2 parents e4c84a0 + b5526dd
commit 2cc3b38
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 3 deletions.
diff --git a/api/restclient.go b/api/restclient.go
@@ -1,5 +1,5 @@
 /*
- Copyright © 2019 Dell Inc. or its subsidiaries. All Rights Reserved.
+ Copyright © 2019-2024 Dell Inc. or its subsidiaries. All Rights Reserved.
 
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
@@ -148,6 +148,7 @@ func New(_ context.Context, host string, opts ClientOptions, debug bool) (Client
 			TLSClientConfig: &tls.Config{
 				/* #nosec G402 */
 				InsecureSkipVerify: true,
+				CipherSuites:       util.GetSecuredCipherSuites(),
 			},
 		}
 	} else {
@@ -160,6 +161,7 @@ func New(_ context.Context, host string, opts ClientOptions, debug bool) (Client
 				/* #nosec G402 */
 				RootCAs:            pool,
 				InsecureSkipVerify: false,
+				CipherSuites:       util.GetSecuredCipherSuites(),
 			},
 		}
 	}

diff --git a/util/util.go b/util/util.go
@@ -1,5 +1,5 @@
 /*
- Copyright © 2019 Dell Inc. or its subsidiaries. All Rights Reserved.
+ Copyright © 2019-2024 Dell Inc. or its subsidiaries. All Rights Reserved.
 
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@ package util
 
 import (
 	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"os"
@@ -176,3 +177,14 @@ func ValidateDuration(durationStr string) (uint64, error) {
 
 	return 0, nil
 }
+
+// GetSecuredCipherSuites returns a slice of secured cipher suites.
+// It iterates over the tls.CipherSuites() and appends the ID of each cipher suite to the suites slice.
+// The function returns the suites slice.
+func GetSecuredCipherSuites() (suites []uint16) {
+	securedSuite := tls.CipherSuites()
+	for _, v := range securedSuite {
+		suites = append(suites, v.ID)
+	}
+	return suites
+}
diff --git a/util/util_test.go b/util/util_test.go
@@ -1,5 +1,5 @@
 /*
- Copyright © 2019 Dell Inc. or its subsidiaries. All Rights Reserved.
+ Copyright © 2019-2024 Dell Inc. or its subsidiaries. All Rights Reserved.
 
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@ package util
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"testing"
 )
@@ -29,6 +30,7 @@ func TestUtils(t *testing.T) {
 	getLoggetTest(t)
 	validateResourceNameTest(t)
 	validateDurationTest(t)
+	getSecuredCipherSuitesTest(t)
 }
 
 func getRunIDLoggerTest(_ *testing.T) {
@@ -145,3 +147,28 @@ func validateDurationTest(t *testing.T) {
 	fmt.Println("Error: ", err)
 	fmt.Println("Validate Duration Test Successful")
 }
+
+func getSecuredCipherSuitesTest(t *testing.T) {
+	fmt.Println("Begin - Get Secured Cipher Suites Test")
+
+	suites := GetSecuredCipherSuites()
+	if len(suites) == 0 {
+		t.Fatalf("No secured cipher suites found")
+	}
+
+	// Check if all returned suites are valid TLS cipher suites
+	for _, suite := range suites {
+		found := false
+		for _, v := range tls.CipherSuites() {
+			if suite == v.ID {
+				found = true
+				break
+			}
+		}
+		if !found {
+			t.Fatalf("Invalid cipher suite ID found: %d", suite)
+		}
+	}
+
+	fmt.Println("Get Secured Cipher Suites Test Successful")
+}