Restore support old cipher suites after go1.22 #1172

2024-06-07 17:57:36 +03:00
parent aca0781c4b
commit 0667683e4d
1 changed files with 18 additions and 2 deletions
@@ -19,11 +19,11 @@ func Do(req *http.Request) (*http.Response, error) {
 	switch req.URL.Scheme {
 	case "httpx":
-		secure = &tls.Config{InsecureSkipVerify: true}
+		secure = insecureConfig
 		req.URL.Scheme = "https"
 	case "https":
 		if hostname := req.URL.Hostname(); IsIP(hostname) {
-			secure = &tls.Config{InsecureSkipVerify: true}
+			secure = insecureConfig
 		}
 	}
@@ -144,6 +144,22 @@ type key string
 var connKey = key("conn")
 var secureKey = key("secure")
 var insecureConfig = &tls.Config{
 	InsecureSkipVerify: true,
 	CipherSuites: []uint16{
 		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
 		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 		tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 		// this cipher suites disabled starting from https://tip.golang.org/doc/go1.22
 		// but cameras can't work without them https://github.com/AlexxIT/go2rtc/issues/1172
 		tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // insecure
 		tls.TLS_RSA_WITH_AES_256_GCM_SHA384, // insecure
 	},
 }
 func WithConn() (context.Context, *net.Conn) {
 	pconn := new(net.Conn)
 	return context.WithValue(context.Background(), connKey, pconn), pconn