moving to boringssl

src/utils/discovery.rs

@@ -10,9 +10,9 @@ pub struct APIUpstreamProvider {
     pub config_api_enabled: bool,
     pub address: String,
     pub masterkey: String,
-    pub tls_address: Option<String>,
-    pub tls_certificate: Option<String>,
-    pub tls_key_file: Option<String>,
+    // pub tls_address: Option<String>,
+    // pub tls_certificate: Option<String>,
+    // pub tls_key_file: Option<String>,
     pub file_server_address: Option<String>,
     pub file_server_folder: Option<String>,
     pub current_upstreams: Arc<UpstreamsDashMap>,

src/utils/tls.rs

@@ -228,26 +228,30 @@ pub fn set_tsl_grade(tls_settings: &mut TlsSettings, grade: &str) {
             let _ = tls_settings.set_min_proto_version(Some(SslVersion::TLS1_2));
             // let _ = tls_settings.set_max_proto_version(Some(SslVersion::TLS1_3));
             let _ = tls_settings.set_cipher_list(CIPHERS.high);
-            let _ = tls_settings.set_ciphersuites(CIPHERS.high);
+            // let _ = tls_settings.set_ciphersuites(CIPHERS.high);
+            let _ = tls_settings.set_cipher_list(CIPHERS.high);
             info!("TLS grade: {:?}, => HIGH", tls_settings.options());
         }
         Some(TlsGrade::MEDIUM) => {
             let _ = tls_settings.set_min_proto_version(Some(SslVersion::TLS1));
             let _ = tls_settings.set_cipher_list(CIPHERS.medium);
-            let _ = tls_settings.set_ciphersuites(CIPHERS.medium);
+            // let _ = tls_settings.set_ciphersuites(CIPHERS.medium);
+            let _ = tls_settings.set_cipher_list(CIPHERS.medium);
             info!("TLS grade: {:?}, => MEDIUM", tls_settings.options());
         }
         Some(TlsGrade::LEGACY) => {
             let _ = tls_settings.set_min_proto_version(Some(SslVersion::SSL3));
             let _ = tls_settings.set_cipher_list(CIPHERS.legacy);
-            let _ = tls_settings.set_ciphersuites(CIPHERS.legacy);
+            // let _ = tls_settings.set_ciphersuites(CIPHERS.legacy);
+            let _ = tls_settings.set_cipher_list(CIPHERS.legacy);
             warn!("TLS grade: {:?}, => UNSAFE", tls_settings.options());
         }
         None => {
             // Defaults to MEDIUM
             let _ = tls_settings.set_min_proto_version(Some(SslVersion::TLS1));
             let _ = tls_settings.set_cipher_list(CIPHERS.medium);
-            let _ = tls_settings.set_ciphersuites(CIPHERS.medium);
+            // let _ = tls_settings.set_ciphersuites(CIPHERS.medium);
+            let _ = tls_settings.set_cipher_list(CIPHERS.medium);
             warn!("TLS grade is not detected defaulting top MEDIUM");
         }
     }

src/web/bgservice.rs

@@ -54,9 +54,9 @@ impl BackgroundService for LB {
             address: self.config.config_address.clone(),
             masterkey: self.config.master_key.clone(),
             config_api_enabled: self.config.config_api_enabled.clone(),
-            tls_address: self.config.config_tls_address.clone(),
-            tls_certificate: self.config.config_tls_certificate.clone(),
-            tls_key_file: self.config.config_tls_key_file.clone(),
+            // tls_address: self.config.config_tls_address.clone(),
+            // tls_certificate: self.config.config_tls_certificate.clone(),
+            // tls_key_file: self.config.config_tls_key_file.clone(),
             file_server_address: self.config.file_server_address.clone(),
             file_server_folder: self.config.file_server_folder.clone(),
             current_upstreams: self.ump_upst.clone(),

src/web/webserver.rs

@@ -7,7 +7,7 @@ use axum::http::{Response, StatusCode};
 use axum::response::IntoResponse;
 use axum::routing::{get, post};
 use axum::{Json, Router};
-use axum_server::tls_openssl::OpenSSLConfig;
+// use axum_server::tls_openssl::OpenSSLConfig;
 use futures::channel::mpsc::Sender;
 use futures::SinkExt;
 use jsonwebtoken::{encode, EncodingKey, Header};
@@ -15,7 +15,7 @@ use log::{error, info, warn};
 use prometheus::{gather, Encoder, TextEncoder};
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
-use std::net::SocketAddr;
+// use std::net::SocketAddr;
 use std::sync::Arc;
 use std::time::{Duration, SystemTime, UNIX_EPOCH};
 use tokio::net::TcpListener;
@@ -64,17 +64,17 @@ pub async fn run_server(config: &APIUpstreamProvider, mut to_return: Sender<Conf
         .route("/status", get(status))
         .with_state(app_state);
 
-    if let Some(value) = &config.tls_address {
-        let cf = OpenSSLConfig::from_pem_file(config.tls_certificate.clone().unwrap(), config.tls_key_file.clone().unwrap()).unwrap();
-        let addr: SocketAddr = value.parse().expect("Unable to parse socket address");
-        let tls_app = app.clone();
-        tokio::spawn(async move {
-            if let Err(e) = axum_server::bind_openssl(addr, cf).serve(tls_app.into_make_service()).await {
-                eprintln!("TLS server failed: {}", e);
-            }
-        });
-        info!("Starting the TLS API server on: {}", value);
-    }
+    // if let Some(value) = &config.tls_address {
+    //     let cf = OpenSSLConfig::from_pem_file(config.tls_certificate.clone().unwrap(), config.tls_key_file.clone().unwrap()).unwrap();
+    //     let addr: SocketAddr = value.parse().expect("Unable to parse socket address");
+    //     let tls_app = app.clone();
+    //     tokio::spawn(async move {
+    //         if let Err(e) = axum_server::bind_openssl(addr, cf).serve(tls_app.into_make_service()).await {
+    //             eprintln!("TLS server failed: {}", e);
+    //         }
+    //     });
+    //     info!("Starting the TLS API server on: {}", value);
+    // }
 
     if let (Some(address), Some(folder)) = (&config.file_server_address, &config.file_server_folder) {
         let static_files = ServeDir::new(folder);