Keep only IBM approved cipher suites

Charles1000Chen · Charles1000Chen · commit 61e4a4664a0e · 2024-05-24T12:08:38.000+08:00
Signed-off-by: Mu Chen &lt;chenmu@cn.ibm.com&gt;
diff --git a/main.go b/main.go
@@ -123,20 +123,15 @@ func startHTTPS(handler http.Handler) {
 		CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 		PreferServerCipherSuites: true,
 		CipherSuites: []uint16{
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,       //tls1.2 FIPS/IBM cloud approved
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,         //tls1.2 FIPS/IBM cloud approved
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,       //tls1.2 FIPS/IBM cloud approved
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,         //tls1.2 FIPS/IBM cloud approved
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, //tls1.2 IBM cloud approved
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,   //tls1.2 IBM cloud approved
+			tls.TLS_AES_256_GCM_SHA384,                        //tls1.3 IBM cloud approved
+			tls.TLS_AES_128_GCM_SHA256,                        //tls1.3 IBM cloud approved
+			tls.TLS_CHACHA20_POLY1305_SHA256,                  //tls1.3 IBM cloud approved
 		},
 	}
 
