David K. Bainbridge | 215e024 | 2017-09-05 23:18:24 -0700 | [diff] [blame] | 1 | // +build go1.5 |
| 2 | |
| 3 | // Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers. |
| 4 | // |
| 5 | package tlsconfig |
| 6 | |
| 7 | import ( |
| 8 | "crypto/tls" |
| 9 | ) |
| 10 | |
| 11 | // Client TLS cipher suites (dropping CBC ciphers for client preferred suite set) |
| 12 | var clientCipherSuites = []uint16{ |
| 13 | tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
| 14 | tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
| 15 | tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| 16 | tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| 17 | } |