Try go script on Windows

.github/workflows/fips/compose/compose-linux.yml

@@ -20,6 +20,8 @@ services:
     build:
       context: linux
       dockerfile: Dockerfile
+      args:
+        - "BUILD_TARGET=server"
     command: ["./server", "ECDHE-RSA-AES128-SHA256"]
     healthcheck:
       test: "curl -f localhost:443"
@@ -31,6 +33,8 @@ services:
     build:
       context: linux
       dockerfile: Dockerfile
+      args:
+        - "BUILD_TARGET=server"
     command: ["./server", "ECDHE-RSA-CHACHA20-POLY1305"]
     healthcheck:
       test: "curl -f localhost:443"

.github/workflows/fips/compose/compose-windows.yml

@@ -18,7 +18,9 @@ services:
     build:
       context: windows
       dockerfile: Dockerfile
-    command: ["powershell.exe", "-File", "C:/app/start-server.ps1", "ECDHE-RSA-AES128-SHA256"]
+      args:
+        - "BUILD_TARGET=http-server.exe"
+    command: ["C:/app/http-server.exe", "ECDHE-RSA-AES128-SHA256"]
     healthcheck:
       test: "curl -f localhost:443"
       start_period: 5s
@@ -29,7 +31,9 @@ services:
     build:
       context: windows
       dockerfile: Dockerfile
-    command: ["powershell.exe", "-File", "C:/app/start-server.ps1", "ECDHE-RSA-CHACHA20-POLY1305"]
+      args:
+        - "BUILD_TARGET=http-server.exe"
+    command: ["C:/app/http-server.exe", "ECDHE-RSA-CHACHA20-POLY1305"]
     healthcheck:
       test: "curl -f localhost:443"
       start_period: 5s

.github/workflows/fips/compose/linux/Dockerfile

@@ -1,9 +1,15 @@
 FROM golang:1.23
 
+WORKDIR /app
+
 # Copy all files
 COPY . ./
 
-RUN go build -o server http-server.go
+ENV GO111MODULE=off
+
+# Build the server
+ARG BUILD_TARGET
+RUN go build -o $BUILD_TARGET http-server.go
 
 # Expose port 443
 EXPOSE 443

.github/workflows/fips/compose/linux/http-server.go

@@ -50,5 +50,5 @@ func main() {
 	}
 
 	fmt.Printf("Serving on https://localhost:8443 using cipher %s with TLSv1.2 enforced\n", tlsCipher)
-	log.Fatal(server.ListenAndServeTLS("ca.crt", "ca.key"))
+	log.Fatal(server.ListenAndServeTLS("./ca.crt", "./ca.key"))
 }

.github/workflows/fips/compose/windows/Dockerfile

@@ -1,7 +1,14 @@
-FROM mcr.microsoft.com/windows/servercore:ltsc2022
+FROM golang:1.23
 
-COPY start-server.ps1 C:/app/start-server.ps1
-COPY ca.* C:/app/
+WORKDIR /app
+
+# Copy all files
+COPY . ./
+
+ENV GO111MODULE=off
+
+# Build the server
+RUN go build -o http-server.exe http-server.go
 
 # Expose port 443
 EXPOSE 443

.github/workflows/fips/compose/windows/http-server.go

@@ -0,0 +1,54 @@
+package main
+
+import (
+	"crypto/tls"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+)
+
+func main() {
+	// Get the allowed cipher from command-line argument
+	if len(os.Args) < 2 {
+		log.Fatal("Usage: server <TLS_CIPHER>")
+	}
+	tlsCipher := os.Args[1]
+
+	// Define allowed ciphers for TLS 1.2
+	cipherMap := map[string]uint16{
+		"ECDHE-RSA-CHACHA20-POLY1305": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+		"ECDHE-RSA-AES128-SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+	}
+
+	cipher, exists := cipherMap[tlsCipher]
+	if !exists {
+		log.Fatalf("Unsupported cipher: %s", tlsCipher)
+	}
+
+	// TLS Configuration
+	tlsConfig := &tls.Config{
+		MinVersion:               tls.VersionTLS12,
+		MaxVersion:               tls.VersionTLS12, // Force TLS 1.2 only
+		CipherSuites:             []uint16{cipher}, // Restrict to a single cipher
+		PreferServerCipherSuites: true,
+
+	}
+
+	// Define a simple HTTP handler
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte("<html><body><h1>Secure Server</h1></body></html>"))
+	})
+
+	// Create HTTPS server
+	server := &http.Server{
+		Addr:      ":443",
+		Handler:   handler,
+		TLSConfig: tlsConfig,
+		TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
+	}
+
+	fmt.Printf("Serving on https://localhost:8443 using cipher %s with TLSv1.2 enforced\n", tlsCipher)
+	log.Fatal(server.ListenAndServeTLS("./ca.crt", "./ca.key"))
+}