Tweak ciphers, fix issue #896

Dockerfile

@@ -52,13 +52,10 @@ RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@${PROTOC_GEN_GO_VER}
 
 # Go assets
 WORKDIR /go/src/github.com/bishopfox/sliver
-ADD ./go-assets.sh /go/src/github.com/bishopfox/sliver/go-assets.sh
-RUN ./go-assets.sh
-
-# Compile sliver server
 ADD . /go/src/github.com/bishopfox/sliver/
-RUN make clean-all \
-    && make \
+RUN make clean-all
+RUN ./go-assets.sh
+RUN make \
     && cp -vv sliver-server /opt/sliver-server \
     && /opt/sliver-server unpack --force 
 

server/c2/http.go

@@ -267,17 +267,17 @@ func getHTTPSConfig(conf *HTTPServerConfig) *tls.Config {
 
 	// Randomize the cipher suites
 	allCipherSuites := []uint16{
-		// tls.TLS_RSA_WITH_RC4_128_SHA,                      //uint16 = 0x0005
-		tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,        //uint16 = 0x000a
-		tls.TLS_RSA_WITH_AES_128_CBC_SHA,         //uint16 = 0x002f
-		tls.TLS_RSA_WITH_AES_256_CBC_SHA,         //uint16 = 0x0035
-		tls.TLS_RSA_WITH_AES_128_CBC_SHA256,      //uint16 = 0x003c
-		tls.TLS_RSA_WITH_AES_128_GCM_SHA256,      //uint16 = 0x009c
-		tls.TLS_RSA_WITH_AES_256_GCM_SHA384,      //uint16 = 0x009d
-		tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,     //uint16 = 0xc007
+		// tls.TLS_RSA_WITH_RC4_128_SHA,     //uint16 = 0x0005
+		tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,   //uint16 = 0x000a
+		tls.TLS_RSA_WITH_AES_128_CBC_SHA,    //uint16 = 0x002f
+		tls.TLS_RSA_WITH_AES_256_CBC_SHA,    //uint16 = 0x0035
+		tls.TLS_RSA_WITH_AES_128_CBC_SHA256, //uint16 = 0x003c
+		tls.TLS_RSA_WITH_AES_128_GCM_SHA256, //uint16 = 0x009c
+		tls.TLS_RSA_WITH_AES_256_GCM_SHA384, //uint16 = 0x009d
+		// tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,  //uint16 = 0xc007
 		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, //uint16 = 0xc009
 		tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, //uint16 = 0xc00a
-		// tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,                //uint16 = 0xc011
+		// tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,    //uint16 = 0xc011
 		tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,           //uint16 = 0xc012
 		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,            //uint16 = 0xc013
 		tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,            //uint16 = 0xc014
@@ -290,6 +290,8 @@ func getHTTPSConfig(conf *HTTPServerConfig) *tls.Config {
 		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,   //uint16 = 0xcca8
 		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, //uint16 = 0xcca9
 	}
+	// CipherSuites ignores the order of the ciphers, this random shuffle
+	// is truncated resulting in a random selection from all ciphers
 	insecureRand.Shuffle(len(allCipherSuites), func(i, j int) {
 		allCipherSuites[i], allCipherSuites[j] = allCipherSuites[j], allCipherSuites[i]
 	})