From 359c1d05d954bd2cc0d8eb404ae89fb64d1f72ce Mon Sep 17 00:00:00 2001 From: adarsh-dell Date: Mon, 3 Jun 2024 06:31:02 -0400 Subject: [PATCH] Using only secured cipher suites --- api/api.go | 13 +++++++++++++ deploy.go | 3 +++ 2 files changed, 16 insertions(+) diff --git a/api/api.go b/api/api.go index ef7f2ce..2e9f01a 100644 --- a/api/api.go +++ b/api/api.go @@ -117,6 +117,17 @@ type client struct { debug bool } +// GetSecuredCipherSuites returns a slice of secured cipher suites. +// It iterates over the tls.CipherSuites() and appends the ID of each cipher su ite to the suites slice. +// The function returns the suites slice. +func GetSecuredCipherSuites() (suites []uint16) { + securedSuite := tls.CipherSuites() + for _, v := range securedSuite { + suites = append(suites, v.ID) + } + return suites +} + // ClientOptions are options for the API client. type ClientOptions struct { // Insecure is a flag that indicates whether or not to supress SSL errors. @@ -160,6 +171,7 @@ func New( TLSClientConfig: &tls.Config{ // #nosec G402 InsecureSkipVerify: true, // #nosec G402 + CipherSuites: GetSecuredCipherSuites(), }, } } @@ -175,6 +187,7 @@ func New( RootCAs: pool, // #nosec G402 InsecureSkipVerify: opts.Insecure, + CipherSuites: GetSecuredCipherSuites(), }, } } diff --git a/deploy.go b/deploy.go index a3e2899..6349d2f 100644 --- a/deploy.go +++ b/deploy.go @@ -31,6 +31,7 @@ import ( "strconv" "strings" + "github.com/dell/goscaleio/api" types "github.com/dell/goscaleio/types/v1" log "github.com/sirupsen/logrus" "gopkg.in/yaml.v3" @@ -71,6 +72,7 @@ func NewGateway(host string, username, password string, insecure, useCerts bool) TLSClientConfig: &tls.Config{ // #nosec G402 InsecureSkipVerify: true, + CipherSuites: api.GetSecuredCipherSuites(), }, } } @@ -86,6 +88,7 @@ func NewGateway(host string, username, password string, insecure, useCerts bool) RootCAs: pool, // #nosec G402 InsecureSkipVerify: insecure, + CipherSuites: api.GetSecuredCipherSuites(), }, } }
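Review bot: The doc comment on `GetSecuredCipherSuites` in api/api.go restates the loop instead of stating the contract, so a caller cannot tell what "secured" means here. `tls.CipherSuites()` is the set the standard library implements minus the entries of `tls.InsecureCipherSuites()`, and its contents change with the Go toolchain version. It also contains TLS 1.3 suite IDs, which `tls.Config.CipherSuites` does not act on because TLS 1.3 suites are not configurable. I would replace the three comment lines with `// GetSecuredCipherSuites returns the IDs of all suites in tls.CipherSuites(), i.e. every implemented suite not listed in tls.InsecureCipherSuites(); the set depends on the Go version and only affects TLS 1.0-1.2 negotiation.`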
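Review bot: The `CipherSuites` entry added in the second api/api.go hunk sits in a `tls.Config` that still sets `InsecureSkipVerify: true` under `#nosec G402`, so on this path the server certificate is not verified and the narrower suite list does not protect against an interposed endpoint. The same holds for the `InsecureSkipVerify: true` literal in `NewGateway` in deploy.go, and for the `opts.Insecure` / `insecure` literals in the following hunks whenever the caller passes true. The literal in this hunk also sets no `MinVersion`, so the protocol floor is whatever the Go toolchain defaults to; adding `MinVersion: tls.VersionTLS12,` next to `CipherSuites` would pin it. A short comment such as `// cipher restriction does not compensate for skipped certificate verification` would keep the `#nosec` annotation from reading as a completed hardening. `New` starts and ends outside this hunk, so the condition that selects this branch is not visible here.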