refactor: add tls cipher whitelist for https and wss

2026-01-20 16:26:10 +01:00 · 2024-06-13 18:58:07 +08:00 · 2024-06-13 18:58:07 +08:00 · ae2a73dd1b
commit ae2a73dd1b
parent a080c85cbc
76 changed files with 12350 additions and 4218 deletions
--- a/vendor/github.com/gorilla/websocket/client.go
+++ b/vendor/github.com/gorilla/websocket/client.go
@ -206,7 +206,18 @@ func (d *Dialer) Dial(urlStr string, requestHeader http.Header) (*Conn, *http.Re
 	if u.Scheme == "wss" {
 		cfg := d.TLSClientConfig
 		if cfg == nil {
-			cfg = &tls.Config{ServerName: hostNoPort}
+			cfg = &tls.Config{
+				ServerName: hostNoPort,
+				MinVersion: tls.VersionTLS12,
+		                CipherSuites: []uint16{
+				    tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+				    tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			            tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+			            tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			            tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+			            tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+		                },
+			}
 		} else if cfg.ServerName == "" {
 			shallowCopy := *cfg
 			cfg = &shallowCopy