server/etcdmain: add configurable cipher list to gRPC proxy listener

Signed-off-by: Allen Ray <alray@redhat.com>
2024-09-27 06:25:44 +00:00 · 2022-09-16 12:15:08 -04:00
parent 89d0fc49fc
commit db55011d7c
4 changed files with 88 additions and 25 deletions
--- a/server/embed/config.go
+++ b/server/embed/config.go
@@ -619,13 +619,9 @@ func updateCipherSuites(tls *transport.TLSInfo, ss []string) error {
 		return fmt.Errorf("TLSInfo.CipherSuites is already specified (given %v)", ss)
 	}
 	if len(ss) > 0 {
-		cs := make([]uint16, len(ss))
-		for i, s := range ss {
-			var ok bool
-			cs[i], ok = tlsutil.GetCipherSuite(s)
-			if !ok {
-				return fmt.Errorf("unexpected TLS cipher suite %q", s)
-			}
+		cs, err := tlsutil.GetCipherSuites(ss)
+		if err != nil {
+			return err
 		}
 		tls.CipherSuites = cs
 	}