Disable 3DES and other insecure cipher suites

Supported cipher suites: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Closes https://gitlab.com/gitlab-org/gitlab-pages/issues/150.
author: Krasimir Angelov <kangelov@gitlab.com> 2019-05-16 12:48:38 +0300
committer: Nick Thomas <nick@gitlab.com> 2019-05-16 12:48:38 +0300
commit: 0d97132056ac751d2841e35466225fbff6ad727e (patch)
tree: 1f9cd9f7b4369cf457d56a74fe24eb5e1a273c42 /helpers_test.go
parent: 656dfa25f02513e2b0c489ca88887f10a72299e6 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/helpers_test.go b/helpers_test.go
index bf61b7a4..2e565300 100644
--- a/helpers_test.go
+++ b/helpers_test.go
@@ -329,6 +329,18 @@ func GetRedirectPageWithCookie(t *testing.T, spec ListenSpec, host, urlsuffix st
 	return TestHTTPSClient.Transport.RoundTrip(req)
 }
 
+func ClientWithCiphers(ciphers []uint16) (*http.Client, func()) {
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{
+			RootCAs:      TestCertPool,
+			CipherSuites: ciphers,
+		},
+	}
+	client := &http.Client{Transport: tr}
+
+	return client, tr.CloseIdleConnections
+}
+
 func waitForRoundtrips(t *testing.T, listeners []ListenSpec, timeout time.Duration) {
 	nListening := 0
 	start := time.Now()
author	Krasimir Angelov <kangelov@gitlab.com>	2019-05-16 12:48:38 +0300
committer	Nick Thomas <nick@gitlab.com>	2019-05-16 12:48:38 +0300
commit	0d97132056ac751d2841e35466225fbff6ad727e (patch)
tree	1f9cd9f7b4369cf457d56a74fe24eb5e1a273c42 /helpers_test.go
parent	656dfa25f02513e2b0c489ca88887f10a72299e6 (diff)