@@ 1,41 @@
+package server
+
+import (
+ "crypto/tls"
+ "net/http"
+ "time"
+)
+
+func New(handler http.Handler, serverAddress string) *http.Server {
+ // See https://blog.cloudflare.com/exposing-go-on-the-internet/ for details
+ // about these settings
+ tlsConfig := &tls.Config{
+ // Causes servers to use Go's default cipher suite preferences,
+ // which are tuned to avoid attacks. Does nothing on clients.
+ PreferServerCipherSuites: true,
+ // Only use curves which have assembly implementations
+ CurvePreferences: []tls.CurveID{
+ tls.CurveP256,
+ tls.X25519, // Go 1.8 only
+ },
+
+ MinVersion: tls.VersionTLS12,
+ CipherSuites: []uint16{
+ tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ },
+ }
+ srv := &http.Server{
+ Addr: serverAddress,
+ ReadTimeout: 5 * time.Second,
+ WriteTimeout: 10 * time.Second,
+ IdleTimeout: 120 * time.Second,
+ TLSConfig: tlsConfig,
+ Handler: handler,
+ }
+ return srv
+}
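Review bot: Exported `New` has no doc comment, and the TLS hardening it sets up is inert unless the caller serves with `ListenAndServeTLS`/`ServeTLS` — a plain `ListenAndServe` on the returned server silently uses no TLS at all, which the function name does not convey. I would add above the signature: `// New returns an *http.Server for serverAddress with a hardened TLS config (TLS 1.2 minimum, ECDHE AEAD suites only) and read/write/idle timeouts; the TLS settings only take effect when the caller serves via ListenAndServeTLS or ServeTLS.` The `PreferServerCipherSuites` field and the `// Go 1.8 only` remark date the config: on Go 1.17 and later the field is ignored and the suite order is chosen by the runtime, so the comment on it should say it is kept for older toolchains rather than that it "causes" anything. The `CipherSuites` list also governs TLS 1.2 only; TLS 1.3 suites are not configurable, which is worth a one-line note so nobody expects to restrict them here.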