fix(model): Improve regex for SSL ciphers

Author: krancour

model/model.go

@@ -151,7 +151,7 @@ func newCertificate(cert string, key string) *Certificate {
 type SSLConfig struct {
 	Enforce           bool        `key:"enforce" constraint:"(?i)^(true|false)$"`
 	Protocols         string      `key:"protocols" constraint:"^((SSLv2|SSLv3|TLSv1|TLSv1\\.1|TLSv1\\.2)\\s*)+$"`
-	Ciphers           string      `key:"ciphers" constraint:"^([A-Z][A-Z\\d-]+:?)*$"`
+	Ciphers           string      `key:"ciphers" constraint:"^(!?[A-Z][A-Z\\d\\+-]+:?)*$"`
 	SessionCache      string      `key:"sessionCache" constraint:"^(off|none|((builtin(:[1-9]\\d*)?|shared:\\w+:[1-9]\\d*[kKmM]?)\\s*){1,2})$"`
 	SessionTimeout    string      `key:"sessionTimeout" constraint:"^[1-9]\\d*(ms|[smhdwMy])?$"`
 	UseSessionTickets bool        `key:"useSessionTickets" constraint:"(?i)^(true|false)$"`

model/model_validation_test.go

@@ -260,7 +260,7 @@ func TestInvalidSSLCiphers(t *testing.T) {
 }
 
 func TestValidSSLCiphers(t *testing.T) {
-	testValidValues(t, newTestSSLConfig, "Ciphers", "ciphers", []string{"DHE-RSA-AES256-SHA", "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA"})
+	testValidValues(t, newTestSSLConfig, "Ciphers", "ciphers", []string{"DHE-RSA-AES256-SHA", "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA", "EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"})
 }
 
 func TestInvalidSSLSessionCache(t *testing.T) {