remove tls cipher suite settings (sonic-net#127)

MSFT ADO: 24943795 To make TLS 1.3 compliant in sonic, it is not recommended to set cipher suite objects in Tls.Config struct. Refer to ADO for TLS 1.3 requirements. Verified by building new sonic image, compare new syslog with old one. Signed-off-by: Mai Bui <[email protected]>
faraazbrcm · Jan 10, 2024 · ca0656c · ca0656c
1 parent 99cbc48
commit ca0656c
Showing 1 changed file with 0 additions and 12 deletions.
diff --git a/rest/main/main.go b/rest/main/main.go
@@ -106,7 +106,6 @@ func main() {
 		ClientCAs:                prepareCACertificates(),
 		MinVersion:               tls.VersionTLS12,
 		PreferServerCipherSuites: true,
-		CipherSuites:             getPreferredCipherSuites(),
 	}
 
 	// Prepare HTTPS server
@@ -199,17 +198,6 @@ func getTLSClientAuthType() tls.ClientAuthType {
 	}
 }
 
-func getPreferredCipherSuites() []uint16 {
-	return []uint16{
-		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	}
-}
-
 // findAManagementIP returns a valid IPv4 address of eth0.
 // Empty string is returned if no address could be resolved.
 func findAManagementIP() string {