@kwilczynski
Last active March 22, 2021 00:00
Simple TLS server tester in Go
package main
import (
"bufio"
"crypto/tls"
"flag"
"fmt"
"net"
)
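// Command-line flags. Every flag carries a usage string so that -h explains
// what the tester needs and which settings actually influence the listener.
var (
	// cert and key name the PEM files passed to tls.LoadX509KeyPair in main.
	cert = flag.String("cert", "", "path to the PEM-encoded server certificate (required)")
	key  = flag.String("key", "", "path to the PEM-encoded private key matching -cert (required)")
	// insecure is copied into tls.Config.InsecureSkipVerify. crypto/tls reads
	// that field only when acting as a client, so it does not relax anything
	// on the listening side.
	insecure = flag.Bool("insecure", false, "set tls.Config.InsecureSkipVerify (a client-side setting; no effect on this listener)")
	// host and port form the listen address; host is also copied into
	// tls.Config.ServerName.
	host = flag.String("host", "localhost", "host name or IP address to listen on")
	port = flag.String("port", "8080", "TCP port to listen on")
)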
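// main loads the certificate/key pair named by -cert and -key, builds the TLS
// configuration under test, listens on -host:-port and hands every accepted
// connection to client in its own goroutine.
//
// A failure to load the key pair or to open the listener panics; the program
// has no other shutdown path.
func main() {
	flag.Parse()

	// Named keyPair so the package-level -cert flag is not shadowed.
	keyPair, err := tls.LoadX509KeyPair(*cert, *key)
	if err != nil {
		panic(err)
	}

	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{keyPair},
		// ServerName and InsecureSkipVerify are read by crypto/tls only on the
		// client side of a handshake; on a listener they change nothing, so
		// -insecure does not weaken (or otherwise alter) what this server accepts.
		ServerName:         *host,
		InsecureSkipVerify: *insecure,
		// Deprecated: crypto/tls ignores this field from Go 1.17 onwards.
		PreferServerCipherSuites: true,
		CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
		// CipherSuites: []uint16{
		// tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		// tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		// tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
		// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
		// tls.TLS_RSA_WITH_AES_256_CBC_SHA,
		// },
		// CipherSuites: []uint16{
		// tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		// tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		// tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		// tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		// tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		// tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
		// tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
		// tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
		// tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
		// tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
		// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
		// tls.TLS_RSA_WITH_AES_128_CBC_SHA,
		// tls.TLS_RSA_WITH_AES_256_CBC_SHA,
		// },
		//
		// This list applies to TLS 1.2 handshakes only: crypto/tls does not make
		// TLS 1.3 suites configurable, and no MaxVersion is set here, so a peer
		// that negotiates TLS 1.3 bypasses the list. Set MaxVersion to
		// tls.VersionTLS12 when the list itself is what is being tested.
		CipherSuites: []uint16{
			// The two CBC-SHA256 suites below are reported by
			// tls.InsecureCipherSuites(); they are enabled here for
			// compatibility testing and should not be copied into a
			// production configuration.
			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
			// Not available in crypto/tls/cipher_suites.go
			// tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
			// 0xC028,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
			// Not available in crypto/tls/cipher_suites.go
			// tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
			// 0xC024,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		},
		MinVersion: tls.VersionTLS12,
	}

	// JoinHostPort brackets IPv6 literals ("::1" becomes "[::1]:8080"); plain
	// "%s:%s" formatting produced an address that cannot be parsed for them.
	addr := net.JoinHostPort(*host, *port)
	l, err := tls.Listen("tcp", addr, tlsConfig)
	if err != nil {
		panic(err)
	}
	defer l.Close()

	for {
		conn, err := l.Accept()
		if err != nil {
			// Accept errors are printed and the loop retries immediately;
			// nothing here distinguishes a transient error from a permanent one.
			fmt.Println(err)
			continue
		}
		// One goroutine per connection, with no cap on how many run at once.
		go client(conn)
	}
}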
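// client echoes newline-terminated lines read from conn back to the peer
// until a read or write fails, then closes the connection.
//
// Each line is held in a fixed-size buffer. A peer that sends more than
// maxLine bytes without a newline gets bufio.ErrBufferFull printed and its
// connection closed, instead of growing an unbounded string in memory.
// No read or write deadline is set, so an idle peer keeps its goroutine
// until it disconnects.
func client(conn net.Conn) {
	defer conn.Close()

	// Upper bound on a single line, including the trailing newline.
	const maxLine = 64 * 1024

	r := bufio.NewReaderSize(conn, maxLine)
	for {
		// ReadSlice returns a view into r's buffer; it is only valid until
		// the next read, which is fine because it is consumed immediately.
		line, err := r.ReadSlice('\n')
		if err != nil {
			fmt.Println(err)
			return
		}
		// Peer-controlled bytes are quoted before being printed so control
		// and escape sequences cannot act on the operator's terminal. The
		// builtin println is kept, so the output stream is unchanged.
		println(fmt.Sprintf("%q", line))
		n, err := conn.Write(line)
		if err != nil {
			fmt.Println(n, err)
			return
		}
	}
}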