mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
HTTP: Add TLS version configurability for Grafana server (#67482)
Co-authored-by: Rao B V Chalapathi <b_v_chalapathi.rao@nokia.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
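--- a/pkg/util/tls.go
+++ b/pkg/util/tls.go
@@ -0,0 +1,68 @@
+package util
+
+import (
+"crypto/tls"
+"fmt"
+"strings"
+)
+
+// tlsNameToVersion converts a string to a tls version
+func TlsNameToVersion(name string) (uint16, error) {
+name = strings.ToUpper(name)
+switch name {
+case "TLS1.0":
+return tls.VersionTLS10, nil
+case "TLS1.1":
+return tls.VersionTLS11, nil
+case "TLS1.2":
+return tls.VersionTLS12, nil
+case "TLS1.3":
+return tls.VersionTLS13, nil
+}
+
+return 0, fmt.Errorf("unknown tls version: %q", name)
+}
+
+// Cipher strings https://go.dev/src/crypto/tls/cipher_suites.go
+// Ex: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" or "TLS_RSA_WITH_AES_128_CBC_SHA"
+func TlsCiphersToIDs(names []string) ([]uint16, error) {
+if len(names) == 0 || names == nil {
+// no ciphers specified, use defaults
+return nil, nil
+}
+var ids []uint16
+var missing []string
+
+ciphers := tls.CipherSuites()
+var cipherMap = make(map[string]uint16, len(ciphers))
+for _, cipher := range ciphers {
+cipherMap[cipher.Name] = cipher.ID
+}
+
+for _, name := range names {
+name = strings.ToUpper(name)
+id, ok := cipherMap[name]
+if !ok {
+missing = append(missing, name)
+continue
+}
+ids = append(ids, id)
+}
+
+if len(missing) > 0 {
+return ids, fmt.Errorf("unknown ciphers: %v", missing)
+}
+
+return ids, nil
+}
+
+// tlsNameToVersion converts a tls version to a string
+func TlsCipherIdsToString(ids []uint16) string {
+var tlsCiphers []string
+if len(ids) > 0 {
+for _, cipher := range ids {
+tlsCiphers = append(tlsCiphers, tls.CipherSuiteName(cipher))
+}
+}
+return strings.Join(tlsCiphers, ",")
+}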
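Review bot: `TlsNameToVersion` accepts "TLS1.0" and "TLS1.1" exactly like the current versions, with nothing in the code or its comment telling an operator that both are deprecated (RFC 8996); whether the caller logs a warning is not visible on this page. At minimum the doc comment should say so, e.g. `// TlsNameToVersion maps "TLS1.0".."TLS1.3" (case-insensitive) to a crypto/tls version; TLS1.0 and TLS1.1 are deprecated and meant only for legacy clients.` In `TlsCiphersToIDs` the lookup table is built from `tls.CipherSuites()` only, so names listed in `tls.InsecureCipherSuites()` are rejected as unknown. That is a useful property worth stating in the comment, along with the fact that crypto/tls does not apply `Config.CipherSuites` to TLS 1.3, so TLS 1.3 suite names accepted here have no effect. The example `TLS_RSA_WITH_AES_128_CBC_SHA` in that comment may stop resolving on Go releases that classify RSA key-exchange suites as insecure, so it should be checked against the toolchain in use. The comment above `TlsCipherIdsToString` is a copy of the first one and should read `// TlsCipherIdsToString returns the comma-separated names of the given cipher suite IDs.`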
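--- a/pkg/util/tls_test.go
+++ b/pkg/util/tls_test.go
@@ -0,0 +1,26 @@
+package util
+
+import (
+"crypto/tls"
+"testing"
+
+"github.com/stretchr/testify/assert"
+)
+
+func TestTlsNameToVersion(t *testing.T) {
+tests := []struct {
+tlsVer string
+expected uint16
+}{
+{"TLS1.0", tls.VersionTLS10},
+{"TLS1.1", tls.VersionTLS11},
+{"TLS1.2", tls.VersionTLS12},
+{"TLS1.3", tls.VersionTLS13},
+{"SSSL", 0},
+}
+
+for _, testcase := range tests {
+verStr, _ := TlsNameToVersion(testcase.tlsVer)
+assert.EqualValues(t, testcase.expected, verStr)
+}
+}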
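Review bot: The loop discards the error with `verStr, _ := TlsNameToVersion(testcase.tlsVer)`, so the "SSSL" case passes on the zero value alone and nothing checks that an unknown version is actually rejected. A caller that ignored the error would get version 0, which crypto/tls treats as "use the default minimum", so the error path is the part that matters. Add a `wantErr bool` field to the table and assert it in the loop: `ver, err := TlsNameToVersion(testcase.tlsVer)` followed by `assert.Equal(t, testcase.wantErr, err != nil)`. This file has no test for `TlsCiphersToIDs`. A case for an unknown or insecure suite name returning an error, and one for lower-case input, would pin the behaviour that a server's TLS configuration depends on.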