final integration

client/client.go

@@ -50,19 +50,12 @@ func New(cfg *Config) (*Client, error) {
 	}
 
 	client.dtlsConfig = &dtls.Config{
-		CipherSuites: []dtls.CipherSuiteID{
-			dtls.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
-			dtls.TLS_PSK_WITH_AES_128_CCM,
-			dtls.TLS_PSK_WITH_AES_128_CCM_8,
-			dtls.TLS_PSK_WITH_AES_256_CCM_8,
-			dtls.TLS_PSK_WITH_AES_128_GCM_SHA256,
-			dtls.TLS_PSK_WITH_AES_128_CBC_SHA256,
-		},
 		ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
 		ConnectContextMaker:  client.contextMaker,
 		PSK:                  client.psk,
 		PSKIdentityHint:      []byte(cfg.PSKIdentity),
 		MTU:                  cfg.MTU,
+		CipherSuites:         cfg.CipherSuites,
 	}
 	lc := udp.ListenConfig{
 		Backlog: Backlog,

client/config.go

@@ -3,6 +3,8 @@ package client
 import (
 	"context"
 	"time"
+
+	"github.com/Snawoot/dtlspipe/ciphers"
 )
 
 type Config struct {
@@ -14,6 +16,7 @@ type Config struct {
 	PSKCallback   func([]byte) ([]byte, error)
 	PSKIdentity   string
 	MTU           int
+	CipherSuites  ciphers.CipherList
 }
 
 func (cfg *Config) populateDefaults() *Config {
@@ -26,5 +29,8 @@ func (cfg *Config) populateDefaults() *Config {
 	if cfg.IdleTimeout == 0 {
 		cfg.IdleTimeout = 90 * time.Second
 	}
+	if cfg.CipherSuites == nil {
+		cfg.CipherSuites = ciphers.DefaultList
+	}
 	return cfg
 }

cmd/dtlspipe/main.go

@@ -113,6 +113,7 @@ func cmdClient(bindAddress, remoteAddress string) int {
 		IdleTimeout:   *idleTime,
 		BaseContext:   appCtx,
 		MTU:           *mtu,
+		CipherSuites:  ciphersuites.Value,
 	}
 
 	clt, err := client.New(&cfg)
@@ -147,6 +148,7 @@ func cmdServer(bindAddress, remoteAddress string) int {
 		BaseContext:     appCtx,
 		MTU:             *mtu,
 		SkipHelloVerify: *skipHelloVerify,
+		CipherSuites:    ciphersuites.Value,
 	}
 
 	srv, err := server.New(&cfg)

server/config.go

@@ -3,6 +3,8 @@ package server
 import (
 	"context"
 	"time"
+
+	"github.com/Snawoot/dtlspipe/ciphers"
 )
 
 type Config struct {
@@ -14,6 +16,7 @@ type Config struct {
 	PSKCallback     func([]byte) ([]byte, error)
 	MTU             int
 	SkipHelloVerify bool
+	CipherSuites    ciphers.CipherList
 }
 
 func (cfg *Config) populateDefaults() *Config {
@@ -26,5 +29,8 @@ func (cfg *Config) populateDefaults() *Config {
 	if cfg.IdleTimeout == 0 {
 		cfg.IdleTimeout = 90 * time.Second
 	}
+	if cfg.CipherSuites == nil {
+		cfg.CipherSuites = ciphers.DefaultList
+	}
 	return cfg
 }

server/server.go

@@ -51,19 +51,12 @@ func New(cfg *Config) (*Server, error) {
 	}
 
 	srv.dtlsConfig = &dtls.Config{
-		CipherSuites: []dtls.CipherSuiteID{
-			dtls.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
-			dtls.TLS_PSK_WITH_AES_128_CCM,
-			dtls.TLS_PSK_WITH_AES_128_CCM_8,
-			dtls.TLS_PSK_WITH_AES_256_CCM_8,
-			dtls.TLS_PSK_WITH_AES_128_GCM_SHA256,
-			dtls.TLS_PSK_WITH_AES_128_CBC_SHA256,
-		},
 		ExtendedMasterSecret:    dtls.RequireExtendedMasterSecret,
 		ConnectContextMaker:     srv.contextMaker,
 		PSK:                     srv.psk,
 		MTU:                     cfg.MTU,
 		InsecureSkipVerifyHello: cfg.SkipHelloVerify,
+		CipherSuites:            cfg.CipherSuites,
 	}
 	lc := udp.ListenConfig{
 		AcceptFilter: func(packet []byte) bool {