♻️ refactor internal/tls

Signed-off-by: vankichi <kyukawa315@gmail.com>
vdaas · Jul 1, 2020 · d49254b · d49254b
1 parent 93c1ff6
commit d49254b
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 41 deletions.
diff --git a/internal/tls/option.go b/internal/tls/option.go
@@ -23,47 +23,6 @@ type Option func(*credentials) error
 
 var (
 	defaultOpts = []Option{
-		WithTLSConfig(&tls.Config{
-			MinVersion: tls.VersionTLS12,
-			NextProtos: []string{
-				"http/1.1",
-				"h2",
-			},
-			CurvePreferences: []tls.CurveID{
-				tls.CurveP521,
-				tls.CurveP384,
-				tls.CurveP256,
-				tls.X25519,
-			},
-			SessionTicketsDisabled: true,
-			// PreferServerCipherSuites: true,
-			// CipherSuites: []uint16{
-			// tls.TLS_RSA_WITH_RC4_128_SHA,
-			// tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-			// tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-			// tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
-			// tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
-			// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
-			// tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-			// tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-			// tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-			// tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-			// tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			// tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-			// tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, // Maybe this is work on TLS 1.2
-			// tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, // TLS1.3 Feature
-			// tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, // TLS1.3 Feature
-			// tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, // Go 1.8 only
-			// tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, // Go 1.8 only
-			// },
-			ClientAuth: tls.NoClientCert,
-		}),
 	}
 )
 

diff --git a/internal/tls/tls.go b/internal/tls/tls.go
@@ -53,6 +53,49 @@ func New(opts ...Option) (*Config, error) {
 		return nil, errors.ErrTLSCertOrKeyNotFound
 	}
 
+	if c.cfg == nil {
+		c.cfg = &tls.Config{
+			MinVersion: tls.VersionTLS12,
+			NextProtos: []string{
+				"http/1.1",
+				"h2",
+			},
+			CurvePreferences: []tls.CurveID{
+				tls.CurveP521,
+				tls.CurveP384,
+				tls.CurveP256,
+				tls.X25519,
+			},
+			SessionTicketsDisabled: true,
+			// PreferServerCipherSuites: true,
+			// CipherSuites: []uint16{
+			// tls.TLS_RSA_WITH_RC4_128_SHA,
+			// tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			// tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+			// tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
+			// tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+			// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+			// tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+			// tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+			// tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+			// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+			// tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			// tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			// tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, // Maybe this is work on TLS 1.2
+			// tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, // TLS1.3 Feature
+			// tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, // TLS1.3 Feature
+			// tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, // Go 1.8 only
+			// tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, // Go 1.8 only
+			// },
+			ClientAuth: tls.NoClientCert,
+		}
+	}
 	c.cfg.Certificates = make([]tls.Certificate, 1)
 	c.cfg.Certificates[0], err = tls.LoadX509KeyPair(c.cert, c.key)
 	if err != nil {