diff --git a/certs/demo.crt b/certs/demo.crt index 0bf83cc..5debacb 100644 --- a/certs/demo.crt +++ b/certs/demo.crt 
@@ -1,24 +1,12 @@ -----BEGIN CERTIFICATE----- -MIID8TCCAtmgAwIBAgIJAPtYE3vk2Ky2MA0GCSqGSIb3DQEBCwUAMIGOMQswCQYD -VQQGEwJaQTEQMA4GA1UECAwHR2F1dGVuZzEVMBMGA1UEBwwMSm9oYW5uZXNidXJn -MQ0wCwYDVQQKDARMU0IgMREwDwYDVQQLDAhTb2Z0d2FyZTEPMA0GA1UEAwwGUGll -dGVyMSMwIQYJKoZIhvcNAQkBFhRwaWV0ZXJsb3V3QGdtYWlsLmNvbTAeFw0xNzEy -MDUwOTEzNDRaFw0yMDA5MjQwOTEzNDRaMIGOMQswCQYDVQQGEwJaQTEQMA4GA1UE -CAwHR2F1dGVuZzEVMBMGA1UEBwwMSm9oYW5uZXNidXJnMQ0wCwYDVQQKDARMU0Ig -MREwDwYDVQQLDAhTb2Z0d2FyZTEPMA0GA1UEAwwGUGlldGVyMSMwIQYJKoZIhvcN -AQkBFhRwaWV0ZXJsb3V3QGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAJ4qMtm2wW6DTD+FzIZGc6CNUg6pRtNPTuSjFxOSYi+uvmymbnfS -9czwPRkqKYfH03oCi4hNmQmiwG6HSBppZE2pQmFYKvBWXPXGwAnHaOFCJ5xOljrs -znNBqpCbTS1hK9KPVJTRumm0bJIIAH4YjUzvolRHhOpJ2L+a2X9YD1CboIsC8NIP -Lg75v4MD0+2i/NaHueaFHHETArVhDCwtgnnttItFM5vSKmSObxz3MIuIjsf4Mf2/ -w929i110+457hk+iEeH+otJVjD1O7AlBJwibZ3HFkUo+3O8hckVJazn5Q+yepWb0 -1ufVfZ/N3WAjqRCFKvH/FoQezb0n/GmMsY8CAwEAAaNQME4wHQYDVR0OBBYEFM6d -ALIYgzz9SzgmGDISMkZAUIY3MB8GA1UdIwQYMBaAFM6dALIYgzz9SzgmGDISMkZA -UIY3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACztEQILEK8xFguP -jajsPTOtdHpwgzjYfs2AGR4LGpKw1jZ6sQ5akG8pjjXC3woV5/PeMXutR693yrMh -nXACZDdm00AY2QtC1RMGuVz6egxtVNnOP9WgptZB9O1SZ1oJnY+bccZiyjY5YU5Q -dl8kH8B6dTDqmoFrzlvjz199mV8Tn+0B47XxAzkFG+CHhGcDOMCVgqxScqIfgG3V -H3zxJ/+EKU4LItczN7ZI0nwQpH1ew3rLwmTQJIhnjdrKSE/vjqr/gOGotkblZMjM -3PRTmL7TquRqwwaUmJU0fyP29tzW9xbbEDSSdqNUr4RPnmDv8xHoziu909pAWeM8 -9sdXiZU= +MIIB0jCCAXegAwIBAgIJALp6yGU6imKzMAoGCCqGSM49BAMCMEUxCzAJBgNVBAYT +AkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn +aXRzIFB0eSBMdGQwHhcNMTcxMjE0MTg1MjQ0WhcNMjAxMDAzMTg1MjQ0WjBFMQsw +CQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELdov +5Cul8n51tCVlFpBSXaFA8MkE/bgJFd+BqM3JOefO1T6n9xUtOrB/oKH++G82IkVz +BSoviows1EbRnxrT5aNQME4wHQYDVR0OBBYEFPOFh2julx1VHiw1kMgMaOWoR9Ql +MB8GA1UdIwQYMBaAFPOFh2julx1VHiw1kMgMaOWoR9QlMAwGA1UdEwQFMAMBAf8w 
+CgYIKoZIzj0EAwIDSQAwRgIhALwLiF0C93321WhDTZ6KhZK+X46aqxzUyC6HYdiZ +wYtvAiEA211/4eEUUUngbEs7Cwtn7MBjbx+0vKUOLmp+NUHfTdA= -----END CERTIFICATE----- diff --git a/certs/demo.key b/certs/demo.key index 2f7b284..4e6ce46 100644 --- a/certs/demo.key +++ b/certs/demo.key 
@@ -1,28 +1,5 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCeKjLZtsFug0w/ -hcyGRnOgjVIOqUbTT07koxcTkmIvrr5spm530vXM8D0ZKimHx9N6AouITZkJosBu -h0gaaWRNqUJhWCrwVlz1xsAJx2jhQiecTpY67M5zQaqQm00tYSvSj1SU0bpptGyS -CAB+GI1M76JUR4TqSdi/mtl/WA9Qm6CLAvDSDy4O+b+DA9PtovzWh7nmhRxxEwK1 -YQwsLYJ57bSLRTOb0ipkjm8c9zCLiI7H+DH9v8PdvYtddPuOe4ZPohHh/qLSVYw9 -TuwJQScIm2dxxZFKPtzvIXJFSWs5+UPsnqVm9Nbn1X2fzd1gI6kQhSrx/xaEHs29 -J/xpjLGPAgMBAAECggEAMhx0l/4LMxRuaAHgVvqjT872nKaNRg3ulQoHGbBbY3gd -5RamEVjJf/DtqrdtCRQKsLF1u+25+w+RoHNEKPoTSXfDDEx+7j6unUAnP/HqDNSE -8EUF3A2DK4k2nTJXNXWACOpYhf4c7bi4XVwjq8/jlOinqcQvHHvhLHPHTU19LLBi -hUDJ/j/4sWaZtUyCI/feyLW5FyGJl+nlaQY6Cokvc3NtdHXxrBY09PO/BdxDcbl6 -KHQg1yeAgQZ9xrDJoCPGDpjclkz0mG2DdLNaxKm2shyeIEt7maBnyJeoNDqbKVEP -8xWG5+k2swfu4Ll4IwuQB2tYme/8qopZV0+VgDsboQKBgQDRaLDjRuju8P3GqOgg -c6INlgvcycHETE9CGvd+QOZ9tRZm78nUXSUAG54E0EWJCOP3S5UaDQ+V2Yjk+o+F -hKDgWujv8bdyYcfIIJtPuX5GiEI41NTqCSbWmkVgIPMOvb7LerbhCiUKOl4Ofjph -5PyN4o/8DBlMcondTf7AcrzAGwKBgQDBWsvGPomIbuu1cCZcOwCOMMuJUFC5hmq4 -bhTj3h6arp0AFXK3JoNVDWfolBAtYQwblHl3kq/8mF0anB7pFOI3QucOUjNtU/lG -0mWZWjXXO2mzNn2ZoRy937ECEPiFLAmhxSH8HxEDN91MNQ07tX9YGPTvtVBg8eI4 -EfEze+iznQKBgCzQU7J/tU+VISoHcY2oUVDJAIbiYmYo0nlaHgbVyr2yKDYlMLMS -r91jC6EKFSdrUKXWdfUaQHCYGhSujlJLfMYmjlzzBIgk5sUsPTCFiMF9XXaeDWZ8 -SOR6JUiaJInOD2uqOkLUkfKrZP+DAel7QJT4nEmbKTrT9C75BwCWTVBrAoGBAJms -Rx6ln3t+5PmMTACrqDJal7nnynDZY0J3w0SjyeEYfJGPemAUTPcxM2+HFiBq7EuT -QsMFI7f3hK/cezi2r2BKXQdlz5fJ0Oo32CX8q6QHhWe5HDQY95X1DmLdCBgXuwQG -gI84RbYwFUM3OvBEvRRQqYNGsL6MIEZ+BBzuEzGFAoGBAIereifZ++ghCv+xk4UQ -cjlaNdOFXb1ad8M0dfFMB4IhPDjsssuLh756J52IJ9p2ml/Hb4YGuELh73xO+7Fc -Y+rsxSFrPa5QxR7khZHersI63hlwZZ3oKvsywSFR3DpCxHjEiX42TscmC28+lFLa -zgReCnhxkawSFShsUWg6ix7L +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgSE05FSm7tx8V9HaQ +kZbmWPcKDQOgs+UL0j0ypyjLUhuhRANCAAQt2i/kK6XyfnW0JWUWkFJdoUDwyQT9 +uAkV34Gozck5587VPqf3FS06sH+gof74bzYiRXMFKi+KjCzURtGfGtPl -----END PRIVATE KEY----- 
diff --git a/certs/generate.sh b/certs/generate.sh old mode 100644 new mode 100755 index 8b13add..9ccfe0e --- a/certs/generate.sh +++ b/certs/generate.sh @@ -1,5 +1,5 @@ #!/bin/bash # Regenerate the self-signed certificate for local host. -openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 1024 -keyout demo.key -out demo.crt +openssl req -x509 -sha256 -nodes -newkey ec:<(openssl ecparam -name secp256r1) -days 1024 -keyout demo.key -out demo.crt diff --git a/client/main.go b/client/main.go index ed9a8e5..e68902c 100644 --- a/client/main.go +++ b/client/main.go @@ -28,9 +28,15 @@ func main() { flag.Parse() + // By using TLS tickets we can skip the lenghtly key agreement on any reconnections. + // We don't actually re-use connections here, nor is this a long-running services, + // but makes a good practice to imitate at low cost. + var globalTLSSessionCache = tls.NewLRUClientSessionCache(0) // capacity < 1 → use a default capacity + // create gRPC TLS credentials creds := credentials.NewTLS(&tls.Config{ InsecureSkipVerify: true, // using self signed certificate for demo, for more secure connections see https://bbengfort.github.io/programmer/2017/03/03/secure-grpc.html + ClientSessionCache: globalTLSSessionCache, }) grpcAuth := &basicAuthCreds{
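Review bot: The `openssl req` line in certs/generate.sh still passes neither `-subj` nor a subjectAltName, so the script prompts interactively and the result has no host name a Go client can verify; the committed demo.crt appears to carry only OpenSSL's default organisation fields. Adding `-subj "/CN=localhost" -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"` (`-addext` needs OpenSSL 1.1.1 or later) makes the run reproducible and yields a certificate the client can trust explicitly instead of skipping verification. Because `-nodes` writes demo.key unencrypted and the key is committed, the header comment should say so, for example `# demo.key is unencrypted and public in this repo; never reuse this pair outside the demo`. OpenSSL's own name for the curve is `prime256v1`, and using it avoids relying on the `secp256r1` alias.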
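Review bot: `InsecureSkipVerify: true` stays in the `tls.Config` this hunk extends, so the client authenticates no one and the new session cache only resumes sessions with whichever peer answered the first handshake. Since the added comment presents the block as practice to imitate, the config should trust certs/demo.crt explicitly through `RootCAs` and `ServerName`, as sketched below. That needs the demo certificate to carry a matching subjectAltName, which I cannot confirm from the diff, and it needs `crypto/x509`, `os` and `log` imported outside the hunk if they are not already. Smaller points: `globalTLSSessionCache` is a local of `main`, so `sessionCache := tls.NewLRUClientSessionCache(0)` reads better, and the comment has typos ("lenghtly", "a long-running services"). `main` continues outside the hunk.

```go
// … unchanged: flag.Parse() and the session-cache setup …

// Trust only the demo certificate instead of disabling verification.
pemBytes, err := os.ReadFile("certs/demo.crt") // relative to the working directory; adjust as needed
if err != nil {
	log.Fatalf("reading demo certificate: %v", err)
}
roots := x509.NewCertPool()
if !roots.AppendCertsFromPEM(pemBytes) {
	log.Fatal("certs/demo.crt contains no usable certificate")
}

creds := credentials.NewTLS(&tls.Config{
	RootCAs:            roots,
	ServerName:         "localhost", // must match a subjectAltName in the demo certificate
	ClientSessionCache: globalTLSSessionCache,
})
// … unchanged: grpcAuth setup …
```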