Release-3.4: server/etcdmain: add configurable cipher list to gRPC proxy listener

Signed-off-by: Allen Ray <alray@redhat.com>
2024-09-27 06:25:44 +00:00 · 2022-10-19 16:02:03 -04:00
parent b058374fbd
commit 9254f8f05b
7 changed files with 127 additions and 167 deletions
--- a/embed/config.go
+++ b/embed/config.go
@@ -566,13 +566,9 @@ func updateCipherSuites(tls *transport.TLSInfo, ss []string) error {
 		return fmt.Errorf("TLSInfo.CipherSuites is already specified (given %v)", ss)
 	}
 	if len(ss) > 0 {
-		cs := make([]uint16, len(ss))
-		for i, s := range ss {
-			var ok bool
-			cs[i], ok = tlsutil.GetCipherSuite(s)
-			if !ok {
-				return fmt.Errorf("unexpected TLS cipher suite %q", s)
-			}
+		cs, err := tlsutil.GetCipherSuites(ss)
+		if err != nil {
+			return err
 		}
 		tls.CipherSuites = cs
 	}