golang配置tls CipherSuites顺序

tls1.2版本可在tls config中配置

        tlsconf := &tls.Config{
InsecureSkipVerify:       true,
MaxVer2 7 /sion:               tls.VersionTLS13,
MinVersion:               tls.VersionTLS12,
PreferServerl { [ D V E *CipherSuites: true,
}
tlsconf.CipherSuites = []uint16{
tls.TLS_AES_128_GCM_SHAG v F ! u256,
tls.TLS_CHACHA20_POLY1305_SHA25d J 0 Y6,
tls.TLS_AES_256_GCM_S, : @ c - ; eHA3J | b84,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLN 8 c ! f , i KY1305,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA23 V V 9 5 ?56,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls] p R b Y.TLS_ECDu { 3 3 ( kHE_RSA_WITH_, M r + @ BAES_256_C * | Y x PGCM_SHA384,
tls.Q k r @ C aTLS_ECDHE_ECDSA_WITH_AES} 1 l d_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_4 L # H #WITH_AES_128_CBC_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CG P M P [ { h fBC_SHA,
tls.TLS_ET % cCDHE_ECDSA_WITH_AES. _ C V L ) t C_256_CBC_SHA,
}$ , - 1 g 9 w 5 )

tls1.3看官方文档不支持配置CipherSuites,在tls/comy b l w A u b / !mon.go中initDefaultCipherSuites()会根据cK M A t 2 S % Apu是否支持aes硬解设] A x 1置TLD & % / o .S_AES_128_GCM_SHA25? c s k U 0 = x6或TLS_CHACHA20_POLY1305_SHw z 6 F t GA256优先

https://golang.org/src/crypto/tls/common.go
https://golang.org/pkg/crypto/tls/#ConfP k [ # . w lig