core/router/supervisor:https ForceRSA to true

Former-commit-id: 86174563b57b142b1e70da6756a54b12b6d5e353
2025-02-02 15:30:36 +01:00 · 2018-03-31 06:38:30 +03:00 · 2018-03-31 06:38:30 +03:00 · fbf2bd6480
commit fbf2bd6480
parent 502b4654d4
1 changed files with 6 additions and 1 deletions
--- a/core/host/supervisor.go
+++ b/core/host/supervisor.go
@ -308,6 +308,7 @@ func (su *Supervisor) ListenAndServeAutoTLS(domain string, email string, cacheDi
 		HostPolicy: hostPolicy,
 		Email:      email,
 		Cache:      cache,
+		ForceRSA:   true,
 	}

 	srv2 := &http.Server{
@ -329,11 +330,15 @@ func (su *Supervisor) ListenAndServeAutoTLS(domain string, email string, cacheDi
 	go srv2.ListenAndServe()

 	su.Server.TLSConfig = &tls.Config{
-		GetCertificate:           autoTLSManager.GetCertificate,
 		MinVersion:               tls.VersionTLS10,
+		GetCertificate:           autoTLSManager.GetCertificate,
 		PreferServerCipherSuites: true,
+		// Keep the defaults.
 		CurvePreferences: []tls.CurveID{
 			tls.X25519,
+			tls.CurveP256,
+			tls.CurveP384,
+			tls.CurveP521,
 		},
 	}
 	return su.ListenAndServeTLS("", "")