tls_server.go

func main() {
	addr := flag.String("addr", ":4000", "HTTPS network address")
	certFile := flag.String("certfile", "cert.pem", "certificate PEM file")
	keyFile := flag.String("keyfile", "key.pem", "key PEM file")
	flag.Parse()

	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
		if req.URL.Path != "/" {
			http.NotFound(w, req)
			return
		}
	})

	w, err := os.OpenFile("/keypath/https-key.txt", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		fmt.Printf("failed to open file err %+v", err)
		return
	}

	cs := make([]uint16, len(cipherSuites))
	copy(cs, cipherSuites)
	var tlsCfg tls.Config
	tlsCfg.Certificates = make([]tls.Certificate, 1)
	tlsCfg.Certificates[0], err = tls.LoadX509KeyPair(*certFile, *keyFile)
	tlsCfg.NextProtos = []string{"h2"}
	tlsCfg.ClientAuth = tls.RequestClientCert
	tlsCfg.SessionTicketsDisabled = true
	tlsCfg.InsecureSkipVerify = true
	tlsCfg.KeyLogWriter = w
	tlsCfg.MinVersion = tls.VersionTLS12
	tlsCfg.CipherSuites = cs
	tlsCfg.PreferServerCipherSuites = true

	srv := &http.Server{
		Addr:      *addr,
		Handler:   mux,
		TLSConfig: &tlsCfg,
	}

	log.Printf("Starting server on %s", *addr)
	err = srv.ListenAndServeTLS("", "")
	log.Fatal(err)
}