cristiancmoises
/
gophish
mirror of https://github.com/gophish/gophish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updates the tls.Config of the phishing and admin servers to support TLS 1.2 as the minimum TLS version. This addresses #1691 and #1689. 

I am making this change since Microsoft, Google, and Apple have all chosen to deprecate TLS 1.0 and TLS 1.1 in early 2020. In late 2018, the companies recorded that less than 1.4 percent (max) of their connections used < TLS 1.2.

Output before change:

```
docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333

 Testing protocols via sockets except NPN+ALPN

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered (deprecated)
 TLS 1.1    offered (deprecated)
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   h2, http/1.1 (advertised)
 ALPN/HTTP2 h2, http/1.1 (offered)
```

Output after change:

```
docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333

 Testing protocols via sockets except NPN+ALPN

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   h2, http/1.1 (advertised)
 ALPN/HTTP2 h2, http/1.1 (offered)
```
pull/1697/head
Jordan Wright 2019-12-11 19:52:41 -06:00
parent 44f88401bb
commit 79e680e675
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
controllers/phish.go
View File

@ -3,6 +3,7 @@ package controllers
import ( import (
"compress/gzip" "compress/gzip"
"context" "context"
"crypto/tls"
"errors" "errors"
"fmt" "fmt"
"net" "net"
@ -84,6 +85,10 @@ func WithContactAddress(addr string) PhishingServerOption {
// Start launches the phishing server, listening on the configured address. // Start launches the phishing server, listening on the configured address.
func (ps *PhishingServer) Start() { func (ps *PhishingServer) Start() {
if ps.config.UseTLS { if ps.config.UseTLS {
// Only support TLS 1.2 and above - ref #1691, #1689
ps.server.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
}
err := util.CheckAndCreateSSL(ps.config.CertPath, ps.config.KeyPath) err := util.CheckAndCreateSSL(ps.config.CertPath, ps.config.KeyPath)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)

5
controllers/route.go
View File

@ -3,6 +3,7 @@ package controllers
import ( import (
"compress/gzip" "compress/gzip"
"context" "context"
"crypto/tls"
"html/template" "html/template"
"net/http" "net/http"
"net/url" "net/url"
@ -70,6 +71,10 @@ func (as *AdminServer) Start() {
go as.worker.Start() go as.worker.Start()
} }
if as.config.UseTLS { if as.config.UseTLS {
// Only support TLS 1.2 and above - ref #1691, #1689
as.server.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
}
err := util.CheckAndCreateSSL(as.config.CertPath, as.config.KeyPath) err := util.CheckAndCreateSSL(as.config.CertPath, as.config.KeyPath)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)