From 84f900a2bcde59bb557540ceb02129c6c9ce7f9e Mon Sep 17 00:00:00 2001
From: shenyi
Date: Fri, 29 Dec 2023 09:51:06 +0800
Subject: [PATCH] Use secure cipher suites for tls by default
---
 auth_server/main.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/auth_server/main.go b/auth_server/main.go
index 98407545..9a229de0 100644
--- a/auth_server/main.go
+++ b/auth_server/main.go
@@ -64,9 +64,7 @@ func ServeOnce(c *server.Config, cf string) (*server.AuthServer, *http.Server) {
 glog.Exitf("Failed to create auth server: %s", err)
 }

- tlsConfig := &tls.Config{
- PreferServerCipherSuites: true,
- }
+ tlsConfig := &tls.Config{}
 if c.Server.HSTS {
 glog.Info("HTTP Strict Transport Security enabled")
 }
@@ -101,6 +99,10 @@ func ServeOnce(c *server.Config, cf string) (*server.AuthServer, *http.Server) {
 }
 tlsConfig.CipherSuites = values
 glog.Infof("TLS CipherSuites: %s", c.Server.TLSCipherSuites)
+ } else {
+ for _, s := range tls.CipherSuites() {
+ tlsConfig.CipherSuites = append(tlsConfig.CipherSuites, s.ID)
+ }
 }
 if c.Server.CertFile != "" || c.Server.KeyFile != "" {
 // Check for partial configuration.
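Review bot: The bare `tlsConfig := &tls.Config{}` leaves `MinVersion` unset at construction, so unless later code assigns it the minimum protocol version is whatever crypto/tls defaults to for a server on the toolchain that builds this binary. The lines between the two hunks are not visible here, so a configured minimum may already be applied there; if it is only applied when the operator sets one, a pinned floor such as `tlsConfig := &tls.Config{MinVersion: tls.VersionTLS12}` would make the "secure by default" intent independent of the Go release. The body of ServeOnce starts before and continues after this hunk.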
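Review bot: The new `else` branch fills `tlsConfig.CipherSuites` with every ID returned by `tls.CipherSuites()`, which is not the same thing as the crypto/tls default. A nil `CipherSuites` selects the library's own default list, and depending on the Go release that default can be narrower than the full `tls.CipherSuites()` set, so this branch may widen the negotiable suites rather than tighten them; worth checking against the toolchain version this project builds with. If the goal is the library's safe default, leaving the field nil when `c.Server.TLSCipherSuites` is empty is simpler; if the goal is a stricter allow-list, filter the entries explicitly and log the resulting list as the configured branch does with `glog.Infof`. The returned list also includes TLS 1.3 suite IDs, which `Config.CipherSuites` does not control, so those entries have no effect. The enclosing `if` and the rest of ServeOnce lie outside this hunk.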