Restore support old cipher suites after go1.22 #1172

AlexxIT · Jun 7, 2024 · 0667683 · 0667683
1 parent aca0781
commit 0667683
Showing 1 changed file with 18 additions and 2 deletions.
diff --git a/pkg/tcp/request.go b/pkg/tcp/request.go
@@ -19,11 +19,11 @@ func Do(req *http.Request) (*http.Response, error) {
 
 	switch req.URL.Scheme {
 	case "httpx":
-		secure = &tls.Config{InsecureSkipVerify: true}
+		secure = insecureConfig
 		req.URL.Scheme = "https"
 	case "https":
 		if hostname := req.URL.Hostname(); IsIP(hostname) {
-			secure = &tls.Config{InsecureSkipVerify: true}
+			secure = insecureConfig
 		}
 	}
 
@@ -144,6 +144,22 @@ type key string
 var connKey = key("conn")
 var secureKey = key("secure")
 
+var insecureConfig = &tls.Config{
+	InsecureSkipVerify: true,
+	CipherSuites: []uint16{
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+
+		// this cipher suites disabled starting from https://tip.golang.org/doc/go1.22
+		// but cameras can't work without them https://github.com/AlexxIT/go2rtc/issues/1172
+		tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // insecure
+		tls.TLS_RSA_WITH_AES_256_GCM_SHA384, // insecure
+	},
+}
+
 func WithConn() (context.Context, *net.Conn) {
 	pconn := new(net.Conn)
 	return context.WithValue(context.Background(), connKey, pconn), pconn