diff options
| author | Jakob Borg <jakob@kastelo.net> | 2023-08-23 13:39:52 +0200 |
|---|---|---|
| committer | Jakob Borg <jakob@kastelo.net> | 2023-08-23 13:39:52 +0200 |
| commit | 92a4931850ecadf169b2e7d22681fc5dfa10d576 (patch) | |
| tree | a3c5ae18fb2fcc1c80383309217a2254f888f2bc /cmd | |
| parent | bdfef9010fe745f2029c65c582040f45fb848875 (diff) | |
| download | syncthing-92a4931850ecadf169b2e7d22681fc5dfa10d576.tar.gz syncthing-92a4931850ecadf169b2e7d22681fc5dfa10d576.zip | |
cmd/stdiscosrv: Modernise TLS settings, remove excessive HTTP logging
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/stdiscosrv/apisrv.go | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/cmd/stdiscosrv/apisrv.go b/cmd/stdiscosrv/apisrv.go index 06081287c..537647e1c 100644 --- a/cmd/stdiscosrv/apisrv.go +++ b/cmd/stdiscosrv/apisrv.go @@ -80,18 +80,9 @@ func (s *apiSrv) Serve(_ context.Context) error { s.listener = listener } else { tlsCfg := &tls.Config{ - Certificates: []tls.Certificate{s.cert}, - ClientAuth: tls.RequestClientCert, - SessionTicketsDisabled: true, - MinVersion: tls.VersionTLS12, - CipherSuites: []uint16{ - tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - }, + Certificates: []tls.Certificate{s.cert}, + ClientAuth: tls.RequestClientCert, + MinVersion: tls.VersionTLS12, } tlsListener, err := tls.Listen("tcp", s.addr, tlsCfg) @@ -109,6 +100,7 @@ func (s *apiSrv) Serve(_ context.Context) error { ReadTimeout: httpReadTimeout, WriteTimeout: httpWriteTimeout, MaxHeaderBytes: httpMaxHeaderBytes, + ErrorLog: log.New(io.Discard, "", 0), } err := srv.Serve(s.listener) |