ldap: use custom TLS cipher suites (#20221)

This commit replaces the LDAP client TLS config and
adds a custom list of TLS cipher suites which support
RSA key exchange (RSA kex).

Some LDAP server connections experience a significant slowdown
when these cipher suites are not available. The Go TLS stack
disables them by default (they can be enabled via GODEBUG=tlsrsakex=1).

fixes https://github.com/minio/minio/issues/20214

With a custom list of TLS ciphers, Go can pick the TLS RSA key-exchange
cipher. Ref:
```
	if c.CipherSuites != nil {
		return c.CipherSuites
	}
	if tlsrsakex.Value() == "1" {
		return defaultCipherSuitesWithRSAKex
	}
```
Ref: https://cs.opensource.google/go/go/+/refs/tags/go1.22.5:src/crypto/tls/common.go;l=1017

Signed-off-by: Andreas Auernhammer <github@aead.dev>
Andreas Auernhammer
2024-08-07 14:59:47 +02:00
committed by GitHub
parent 2681219039
commit 14876a4df1
4 changed files with 15 additions and 7 deletions

go.mod

@@ -54,7 +54,7 @@ require (
github.com/minio/madmin-go/v3 v3.0.59-0.20240725120704-3cfbffc45f08
github.com/minio/minio-go/v7 v7.0.73
github.com/minio/mux v1.9.0
github.com/minio/pkg/v3 v3.0.10
github.com/minio/pkg/v3 v3.0.11-0.20240806150526-672ab5e3b458
github.com/minio/selfupdate v0.6.0
github.com/minio/simdjson-go v0.4.5
github.com/minio/sio v0.4.0
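
Review bot: the github.com/minio/pkg/v3 requirement moves from the tagged v3.0.10 to the pseudo-version v3.0.11-0.20240806150526-672ab5e3b458, which pins an untagged commit, so the build now depends on unreleased code; re-pin to a tagged release once one exists. The cipher-suite list described in the commit message is not visible in this hunk, so it presumably lives in minio/pkg at 672ab5e3b458 and has to be reviewed there: confirm that the RSA key-exchange suites, which provide no forward secrecy, are confined to the LDAP client TLS config and are listed after the ECDHE suites so they are only negotiated when the server offers nothing better. The matching go.sum entries should land in the same commit.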