From 30a069645955058d692a35046555fd900f80ef7f Mon Sep 17 00:00:00 2001 From: wincsb Date: Fri, 8 Dec 2023 14:42:19 +0800 Subject: [PATCH 1/2] FIX SWEET32 Birthday attack : TLS vulnerability (CVE-2016-2183) in OpenSSL FIX SWEET32 Birthday attack : TLS vulnerability (CVE-2016-2183) in OpenSSL --- tars/util/ssl/ssl.go | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tars/util/ssl/ssl.go b/tars/util/ssl/ssl.go index 475bc12d..b257f378 100644 --- a/tars/util/ssl/ssl.go +++ b/tars/util/ssl/ssl.go @@ -14,6 +14,25 @@ var log = rogger.GetLogger("ssl") func NewServerTlsConfig(ca, cert, key string, verifyClient bool, ciphers string) (tlsConfig *tls.Config, err error) { tlsConfig = &tls.Config{} + + tlsConfig.CipherSuites = []uint16{ + tls.TLS_AES_128_GCM_SHA256, + tls.TLS_CHACHA20_POLY1305_SHA256, + tls.TLS_AES_256_GCM_SHA384, + tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + } + if ca != "" { certBytes, err := ioutil.ReadFile(ca) if err != nil { From e2155bccaa811690d8eadd45861bedcb1f8e06fe Mon Sep 17 00:00:00 2001 From: wincsb Date: Fri, 8 Dec 2023 14:45:04 +0800 Subject: [PATCH 2/2] Fixed the Http server ReadTimeout, WriteTimeout, and IdleTimeout configuration items not taking effect Fixed the Http server ReadTimeout, WriteTimeout, and IdleTimeout configuration items not taking effect accepttimeout=500 readtimeout=5000 writetimeout=5000 idletimeout=8000 --- tars/servanthandle.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
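Review bot: The explicit suite list drops the 3DES suites, but the config is still built as a bare `&tls.Config{}` with no MinVersion, so on Go toolchains whose server default is below TLS 1.2 the CBC-SHA suites kept in this list remain negotiable over TLS 1.0/1.1; set `tlsConfig = &tls.Config{MinVersion: tls.VersionTLS12}` alongside the suite list. The three TLS 1.3 identifiers at the top (`TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`, `TLS_AES_256_GCM_SHA384`) are ignored by crypto/tls, which does not let CipherSuites restrict TLS 1.3, so they should either be removed or carry a comment such as `// TLS 1.3 suites are fixed by crypto/tls; listed for readability only`. NewServerTlsConfig also takes a `ciphers string` argument that the rest of the function (outside this hunk) presumably applies; if that path overwrites CipherSuites from configuration, a configured 3DES suite would reintroduce CVE-2016-2183, so it should reject or filter 3DES — confirm against the remainder of the function, which continues past the hunk.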
diff --git a/tars/servanthandle.go b/tars/servanthandle.go
index 2856cd9b..79bbcdbc 100755
--- a/tars/servanthandle.go
+++ b/tars/servanthandle.go
@@ -102,7 +102,7 @@ func (a *application) AddHttpServantWithExceptionStatusChecker(mux HttpHandler,
 ExceptionStatusChecker: exceptionStatusChecker,
 }
 mux.SetConfig(httpConf)
- s := &http.Server{Addr: cfg.Address, Handler: mux, TLSConfig: cfg.TlsConfig}
+ s := &http.Server{Addr: cfg.Address, Handler: mux, TLSConfig: cfg.TlsConfig, ReadTimeout: cfg.ReadTimeout, WriteTimeout: cfg.WriteTimeout, IdleTimeout: cfg.IdleTimeout}
 a.httpSvrs[obj] = s
 }
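Review bot: A zero value in cfg still leaves that limit disabled on the new http.Server, because net/http treats a zero ReadTimeout/WriteTimeout/IdleTimeout as unlimited and falls back from ReadHeaderTimeout to ReadTimeout only when ReadTimeout is non-zero, so a servant whose config omits readtimeout stays exposed to slow-header clients exactly as before this change. If unset values are meant to get a default, apply it on the new line, e.g. `if s.ReadTimeout == 0 { s.ReadHeaderTimeout = 10 * time.Second }`, or document in the config reference that omitting these keys disables the limit. WriteTimeout in net/http spans the whole response from the end of the header read, so handlers that stream or run longer than cfg.WriteTimeout will be cut off — worth a comment on the new line, `// WriteTimeout bounds the entire response, including long-running handlers`. The conversion of the millisecond config values quoted in the description (readtimeout=5000) into the time.Duration these fields require happens outside the hunk and could not be checked here; the enclosing function also begins before the hunk. Style: the struct literal is now long enough that one field per line would read better.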