Allow setting custom TLS ciphers #131

mattgahs · 2023-11-06T13:55:50Z

Hello!

I need to disable some TLS ciphers in the mokey web service. What's the best way to do so?

Specifically:

TLSv1.2:

TLSv1.3:

Thanks!

Aterfax · 2023-11-06T17:58:35Z

Looks like mokey might need some amendments in the code to implement the setting of this in the TOML file / via options from https://pkg.go.dev/net/http#hdr-Clients_and_Transports

For now I would recommend configuring a reverse proxy with the OS native NGINX / Apache or something like the SWAG docker.

aebruno · 2023-11-07T14:04:28Z

@mattgahs We currently do not support setting custom TLS ciphers. As @Aterfax mentioned, you have a few options:

Run mokey behind nginx (or another webserver) using proxy pass and configure your custom ciphers there
Modify the code here to support setting a custom tls.Config with your custom cipher list. see here

I'll add this issue as a feature so in the future we can support custom ciphers. If you do end up implementing option 2 feel free to submit a PR.

aebruno changed the title ~~How to disable verboten TLS ciphers~~ Allow setting custom TLS ciphers Nov 7, 2023

aebruno added the enhancement label Nov 7, 2023

Provide feedback