home: refactor override

2022-10-14 20:14:07 +03:00
parent a736f67205
commit 5ae826d8a9
4 changed files with 47 additions and 40 deletions
--- a/internal/home/config.go
+++ b/internal/home/config.go
@@ -9,6 +9,7 @@ import (
 	"sync"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
+	"github.com/AdguardTeam/AdGuardHome/internal/aghtls"
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
@@ -380,6 +381,7 @@ func parseConfig() (err error) {
 		// we add support for HTTP/3 for web admin interface.
 		addPorts(udpPorts, udpPort(config.TLS.PortDNSOverQUIC))
 	}
+
 	if err = tcpPorts.Validate(); err != nil {
 		return fmt.Errorf("validating tcp ports: %w", err)
 	} else if err = udpPorts.Validate(); err != nil {
@@ -394,6 +396,11 @@ func parseConfig() (err error) {
 		config.DNS.UpstreamTimeout = timeutil.Duration{Duration: dnsforward.DefaultTimeout}
 	}

+	err = setContextTLSCipherIDs()
+	if err != nil {
+		return err
+	}
+
 	return nil
 }

@@ -496,3 +503,23 @@ func (c *configuration) write() (err error) {

 	return nil
 }
+
+// setContextTLSCipherIDs sets the TLS cipher suite IDs to use.
+func setContextTLSCipherIDs() (err error) {
+	if len(config.TLS.OverrideTLSCiphers) == 0 {
+		log.Info("tls: using default ciphers")
+
+		Context.tlsCipherIDs = aghtls.SaferCipherSuites()
+
+		return nil
+	}
+
+	log.Info("tls: overriding ciphers: %s", config.TLS.OverrideTLSCiphers)
+
+	Context.tlsCipherIDs, err = aghtls.ParseCiphers(config.TLS.OverrideTLSCiphers)
+	if err != nil {
+		return fmt.Errorf("parsing override ciphers: %w", err)
+	}
+
+	return nil
+}