Baltimore Go June Meeting - Go to the Rescue: Saving DevOps from TLS Turmoil
Find out about a use case that created a need for testing certificate chains, appropriate web server security settings, and the Go code used for testing.
2. Intermediate certificate(s) 3. Your certificate SSL is dead; TLS is alive and well NOTE: TLS 1.0 is not good Mozilla SSL Configuration Generator @ChrisShort devopsish.com
in RFC-5246 Package configures usable SSL/TLS versions Identifies preferred cipher suites and elliptic curves used during handshakes This is the package that handles connections securely @ChrisShort devopsish.com
ListenAndServeTLS ListenAndServeTLS provides the desired certificate checking functionality "certFile should be the concatenation of the server's certificate, any intermediates, and the CA's certificate." @ChrisShort devopsish.com
a function that creates an HTTP server with headers and content (Hello World!) cfg brings in all the TLS bits seen in a solid web server config srv puts the pieces together and defines what port to listen on @ChrisShort devopsish.com
a self contained web server Compiles 6MB!!! I ❤ Go! Can be safely deployed to any public server External testing run against it for extra vetting @ChrisShort devopsish.com Conclusion They won't let me talk forever