refactor(client): Use go default tls cipher suites

Signed-off-by: Pierre-Henri Symoneaux <[email protected]>

Author: phsym

kmipclient/client.go

@@ -33,7 +33,26 @@ type opts struct {
 func (o *opts) tlsConfig() (*tls.Config, error) {
 	cfg := o.tlsCfg
 	if cfg == nil {
-		cfg = &tls.Config{}
+		cfg = &tls.Config{
+			MinVersion: tls.VersionTLS12, // As required by KMIP 1.4 spec
+
+			// // TODO: Make cipher suites configurable and do not add by default legacy ones
+			// CipherSuites: []uint16{
+			// 	// Mandatory support as per KMIP 1.4 spec
+			// 	// tls.TLS_RSA_WITH_AES_256_CBC_SHA256, // Not supported in Go
+			// 	tls.TLS_RSA_WITH_AES_128_CBC_SHA256, // insecure
+
+			// 	// Optional support as per KMIP 1.4 spec
+			// 	tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+			// 	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			// 	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			// 	tls.TLS_RSA_WITH_AES_128_CBC_SHA,            // insecure
+			// 	tls.TLS_RSA_WITH_AES_256_CBC_SHA,            // insecure
+			// 	tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, // insecure
+			// 	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      // insecure
+			// 	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   // insecure
+			// },
+		}
 	}
 	if cfg.RootCAs == nil {
 		if len(o.rootCAs) > 0 {
@@ -52,27 +71,6 @@ func (o *opts) tlsConfig() (*tls.Config, error) {
 	if cfg.ServerName == "" {
 		cfg.ServerName = o.serverName
 	}
-	if cfg.MinVersion == 0 {
-		cfg.MinVersion = tls.VersionTLS12 // As required by KMIP 1.4 spec
-	}
-	if len(cfg.CipherSuites) == 0 {
-		cfg.CipherSuites = []uint16{
-			// Mandatory support as per KMIP 1.4 spec
-			// tls.TLS_RSA_WITH_AES_256_CBC_SHA256, // Not supported in Go
-			tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
-
-			// Optional support as per KMIP 1.4 spec
-			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-		}
-	}
 	return cfg, nil
 }
 

ttlv/encoder.go

@@ -293,7 +293,7 @@ func encodeFunc(ty reflect.Type) func(*Encoder, int, reflect.Value) {
 		}
 	case reflect.Int64:
 		return func(e *Encoder, tag int, v reflect.Value) {
-			e.LongInteger(tag, int64(v.Int()))
+			e.LongInteger(tag, v.Int())
 		}
 	case reflect.Bool:
 		return func(e *Encoder, tag int, v reflect.Value) {

ttlv/encoding_ttlv.go

@@ -89,7 +89,7 @@ func (enc *ttlvWriter) BigInteger(tag int, value *big.Int) {
 
 func (enc *ttlvWriter) Enum(enumtag, tag int, value uint32) {
 	enc.encodeAppend(tag, TypeEnumeration, 4, func(b []byte) []byte {
-		b = binary.BigEndian.AppendUint32(b, uint32(value))
+		b = binary.BigEndian.AppendUint32(b, value)
 		return append(b, 0, 0, 0, 0)
 	})
 }