Skip to content

Instantly share code, notes, and snippets.

@misho-kr

misho-kr/go_tls_configuration.md

Last active October 13, 2020 01:12
Show Gist options
  • Save misho-kr/5c8f5961614eea2a1dfa311c62514bd7 to your computer and use it in GitHub Desktop.
Save misho-kr/5c8f5961614eea2a1dfa311c62514bd7 to your computer and use it in GitHub Desktop.
Download ZIP
Bookmark: how does a well configured server look according to Cloudflare?
Raw
go_tls_configuration.md

Increasing http.Server boilerplate

So, how does a well configured server look according to Cloudflare?

func NewServer(addr string, handler http.Handler) *http.Server {
	return &http.Server{
		Addr:    addr,
		Handler: handler,
		// https://blog.cloudflare.com/exposing-go-on-the-internet/
		ReadTimeout:  5 * time.Second,
		WriteTimeout: 10 * time.Second,
		IdleTimeout:  120 * time.Second,
		TLSConfig: &tls.Config{
			NextProtos:       []string{"h2", "http/1.1"},
			MinVersion:       tls.VersionTLS12,
			CurvePreferences: []tls.CurveID{tls.CurveP256, tls.X25519},
			CipherSuites: []uint16{
				tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
				tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
				tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
				tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			},
			PreferServerCipherSuites: true,
		}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment