Merge: + DNS, Web: use only secure TLSv1.2 ciphers

Close #1384

Squashed commit of the following:

commit cd90abcce573a8e930446ba153565e553e6b81d5
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Fri Mar 20 19:17:53 2020 +0300

    minor

commit a1914c5f41425e82cdedc9716bce84470afab65b
Merge: 72c53673 c8285c41
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Fri Mar 20 19:17:21 2020 +0300

    Merge remote-tracking branch 'origin/master' into 1384-tls12-ciphers

commit 72c536737e0502bb397562ade47aedb9f2ae4494
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Mar 4 18:16:24 2020 +0300

    + DNS, Web: use only secure TLSv1.2 ciphers

home/dns.go

@@ -172,6 +172,7 @@ func generateServerConfig() dnsforward.ServerConfig {
 		}
 	}
 	newconfig.TLSv12Roots = Context.tlsRoots
+	newconfig.TLSCiphers = Context.tlsCiphers
 	newconfig.TLSAllowUnencryptedDOH = tlsConf.AllowUnencryptedDOH
 
 	newconfig.FilterHandler = applyAdditionalFiltering

home/home.go

@@ -80,6 +80,7 @@ type homeContext struct {
 	disableUpdate    bool   // If set, don't check for updates
 	controlLock      sync.Mutex
 	tlsRoots         *x509.CertPool // list of root CAs for TLSv1.2
+	tlsCiphers       []uint16       // list of TLS ciphers to use
 	transport        *http.Transport
 	client           *http.Client
 	appSignalChannel chan os.Signal // Channel for receiving OS signals by the console app
@@ -174,6 +175,7 @@ func run(args options) {
 	initConfig()
 
 	Context.tlsRoots = util.LoadSystemRootCAs()
+	Context.tlsCiphers = util.InitTLSCiphers()
 	Context.transport = &http.Transport{
 		DialContext: customDialContext,
 		Proxy:       getHTTPProxy,

home/web.go

@@ -176,6 +176,7 @@ func (w *Web) httpServerLoop() {
 				Certificates: []tls.Certificate{w.httpsServer.cert},
 				MinVersion:   tls.VersionTLS12,
 				RootCAs:      Context.tlsRoots,
+				CipherSuites: Context.tlsCiphers,
 			},
 		}