Remove cipher preference selection, Go 1.23 no longer permits this (#584

)
Doridian · Aug 18, 2024 · a007fe4 · a007fe4
1 parent 4007800
commit a007fe4
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 29 deletions.
diff --git a/client/cli/client.example.yml b/client/cli/client.example.yml
@@ -43,5 +43,4 @@ client:
       insecure: false
       min-version: 1.2
       max-version: 1.3
-      cipher-preference: "" # blank, AES or CHACHA
       key-log-file: "" # This will log TLS secret keys to a file. DO NOT USE IN PRODUCTION!
diff --git a/go.mod b/go.mod
@@ -2,7 +2,7 @@ module github.com/Doridian/wsvpn
 
 go 1.21
 
-toolchain go1.22.6
+toolchain go1.23.0
 
 require (
 	github.com/Doridian/water v1.6.1

diff --git a/server/cli/server.example.yml b/server/cli/server.example.yml
@@ -61,7 +61,6 @@ server:
     config:
       min-version: 1.2
       max-version: 1.3
-      cipher-preference: "" # blank, AES or CHACHA
       key-log-file: "" # This will log TLS secret keys to a file. DO NOT USE IN PRODUCTION!
   authenticator:
     type: allow-all # radius, allow-all or htpasswd

diff --git a/shared/cli/tls.go b/shared/cli/tls.go
@@ -2,20 +2,17 @@ package cli
 
 import (
 	"crypto/tls"
-	"errors"
 	"log"
 	"os"
-	"strings"
 
 	"github.com/Doridian/wsvpn/shared"
 )
 
 type TLSConfig struct {
-	MinVersion       string `yaml:"min-version"`
-	MaxVersion       string `yaml:"max-version"`
-	KeyLogFile       string `yaml:"key-log-file"`
-	Insecure         bool   `yaml:"insecure"`
-	CipherPreference string `yaml:"cipher-preference"`
+	MinVersion string `yaml:"min-version"`
+	MaxVersion string `yaml:"max-version"`
+	KeyLogFile string `yaml:"key-log-file"`
+	Insecure   bool   `yaml:"insecure"`
 }
 
 func TLSUseConfig(tlsConfig *tls.Config, fileConfig *TLSConfig) error {
@@ -31,16 +28,5 @@ func TLSUseConfig(tlsConfig *tls.Config, fileConfig *TLSConfig) error {
 		tlsConfig.KeyLogWriter = fh
 	}
 
-	switch strings.ToUpper(fileConfig.CipherPreference) {
-	case "AES":
-		shared.TLSSetCipherAESPreference(true)
-	case "CHACHA":
-		shared.TLSSetCipherAESPreference(false)
-	case "":
-		break
-	default:
-		return errors.New("invalid TLS preference. Must be blank, AES or CHACHA")
-	}
-
 	return nil
 }
diff --git a/shared/tls.go b/shared/tls.go
@@ -2,7 +2,6 @@ package shared
 
 import (
 	"crypto/tls"
-	_ "unsafe" // Required for go:linkname
 )
 
 func TLSVersionString(version uint16) string {
@@ -32,10 +31,3 @@ func TLSVersionNum(version string) uint16 {
 	}
 	return 0
 }
-
-//go:linkname hasAESGCMHardwareSupport crypto/tls.hasAESGCMHardwareSupport
-var hasAESGCMHardwareSupport bool
-
-func TLSSetCipherAESPreference(preferAES bool) {
-	hasAESGCMHardwareSupport = preferAES
-}