From da8589184828fc550a2f53ffcfa9c270ee25c656 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 16 Feb 2022 17:47:29 +0000
Subject: [PATCH] use secure ssl configuation
---
 src/bunker.go | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/bunker.go b/src/bunker.go
index 2e4f585..7515460 100644
--- a/src/bunker.go
+++ b/src/bunker.go
@@ -7,6 +7,7 @@ import (
 "compress/gzip"
 "context"
 "crypto/md5"
+ "crypto/tls"
 "encoding/hex"
 "errors"
 "flag"
@@ -618,7 +619,22 @@ func main() {
 initCaptcha(hash)
 router := e.setupRouter()
 router = e.setupConfRouter(router)
- srv := &http.Server{Addr: cfg.Server.Host + ":" + cfg.Server.Port, Handler: reqMiddleware(router)}
+ tlsConfig := &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ CipherSuites: []uint16{
+ tls.TLS_AES_256_GCM_SHA384,
+ tls.TLS_CHACHA20_POLY1305_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ //tls.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ //tls.TLS_DHE_RSA_WITH_AES_256_CCM_8,
+ //tls.TLS_DHE_RSA_WITH_AES_256_CCM,
+ //tls.TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+ //tls.TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+ },
+ }
+ srv := &http.Server{Addr: cfg.Server.Host + ":" + cfg.Server.Port, Handler: reqMiddleware(router), TLSConfig: tlsConfig}
 stop := make(chan os.Signal, 2)
 signal.Notify(stop, os.Interrupt, syscall.SIGTERM)
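Review bot: The first two entries in `CipherSuites`, `tls.TLS_AES_256_GCM_SHA384` and `tls.TLS_CHACHA20_POLY1305_SHA256`, are TLS 1.3 suite IDs and have no effect there, because Go's crypto/tls applies that field only to TLS 1.0–1.2 suites and does not make the TLS 1.3 suites configurable. The effective TLS 1.2 allow-list is therefore the three ECDHE entries, which leaves an ECDSA certificate with ChaCha20-Poly1305 as its only suite; I would drop the two TLS 1.3 lines and add `tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,`. The commented-out DHE/CCM/ARIA names are not constants that crypto/tls defines, so they are better replaced by a single comment such as `// TLS 1.3 suites are fixed by crypto/tls; this list restricts TLS 1.2 only`. `TLSConfig` is only consulted when the server is started through `ListenAndServeTLS` or `ServeTLS`; main() continues outside this hunk, so that call is not visible here and is worth confirming.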