44 "crypto/tls"
55 "net/http"
66 "os"
7+ "time"
78
8- "github.com/gin-contrib/gzip"
99 "github.com/threatwinds/go-sdk/catcher"
1010
1111 "github.com/gin-gonic/gin"
@@ -23,7 +23,6 @@ func ServeDependencies() {
2323 r := gin .New ()
2424 r .Use (
2525 gin .Recovery (),
26- gzip .Gzip (gzip .DefaultCompression ),
2726 )
2827
2928 r .NoRoute (notFound )
@@ -33,20 +32,31 @@ func ServeDependencies() {
3332
3433 loadedCert , err := tls .LoadX509KeyPair (config .CertPath , config .CertKeyPath )
3534 if err != nil {
36- catcher .Error ("failed to load TLS credentials" , err , map [string ]any {"process" : "agent-manager" })
35+ _ = catcher .Error ("failed to load TLS credentials" , err , map [string ]any {"process" : "agent-manager" })
36+ time .Sleep (5 * time .Second )
3737 os .Exit (1 )
3838 }
3939
4040 tlsConfig := & tls.Config {
41- MinVersion : tls .VersionTLS12 ,
4241 Certificates : []tls.Certificate {loadedCert },
42+ MinVersion : tls .VersionTLS12 ,
43+ MaxVersion : tls .VersionTLS13 ,
4344 CipherSuites : []uint16 {
44- tls . TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ,
45+ // TLS 1.2 secure cipher suites - RSA key exchange
4546 tls .TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,
4647 tls .TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 ,
48+ tls .TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ,
49+ // TLS 1.2 secure cipher suites - ECDSA key exchange (for ECDSA certificates)
50+ tls .TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ,
51+ tls .TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 ,
52+ tls .TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ,
53+ },
54+ CurvePreferences : []tls.CurveID {
55+ tls .X25519 , // Modern and fast
56+ tls .CurveP256 , // NIST P-256
57+ tls .CurveP384 , // NIST P-384
58+ tls .CurveP521 , // NIST P-521
4759 },
48-
49- PreferServerCipherSuites : true ,
5060 }
5161
5262 server := & http.Server {
@@ -57,7 +67,7 @@ func ServeDependencies() {
5767
5868 catcher .Info ("Starting HTTP server on port 8080" , map [string ]any {"process" : "agent-manager" })
5969 if err := server .ListenAndServeTLS ("" , "" ); err != nil {
60- catcher .Error ("error starting HTTP server" , err , map [string ]any {"process" : "agent-manager" })
70+ _ = catcher .Error ("error starting HTTP server" , err , map [string ]any {"process" : "agent-manager" })
6171 return
6272 }
6373}
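Review bot: The two comments added above the cipher-suite groups in the `tls.Config` literal call them "RSA key exchange" and "ECDSA key exchange", but every listed suite is ECDHE; RSA and ECDSA name the certificate's signature algorithm, so I would write `// TLS 1.2 suites: ECDHE key exchange, RSA certificate` and `// TLS 1.2 suites: ECDHE key exchange, ECDSA certificate`. It is also worth a comment that `CipherSuites` only constrains TLS 1.2, because crypto/tls does not make the TLS 1.3 suites configurable. The explicit `CurvePreferences` list replaces the library defaults, which on recent Go releases include a hybrid post-quantum key exchange, so please confirm that dropping it is intended for the toolchain this builds with. The `time.Sleep(5 * time.Second)` before `os.Exit(1)` has no comment saying why the exit is delayed. `ServeDependencies` begins before the visible hunks, so the listener setup between them was not reviewed.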