Skip to content

Commit

Permalink
Fix incorrect description for default TLS versions
Browse files Browse the repository at this point in the history
  • Loading branch information
@bushwhackr
bushwhackr committed Jun 6, 2022
1 parent 6fb884b commit 24c3467
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions config/configtls/configtls.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,13 @@ func (c TLSSetting) loadTLSConfig() (*tls.Config, error) {
getClientCertificate = func(cri *tls.CertificateRequestInfo) (*tls.Certificate, error) { return certReloader.GetCertificate() }
}

// Setting default TLS minVersion
if c.MinVersion == "" {
c.MinVersion = "1.2"
}
if c.MaxVersion == "" {
c.MaxVersion = "1.3"
}
minTLS, err := convertVersion(c.MinVersion)
if err != nil {
return nil, fmt.Errorf("invalid TLS min_version: %w", err)
Expand Down Expand Up @@ -240,9 +247,6 @@ func (c TLSServerSetting) LoadTLSConfig() (*tls.Config, error) {
}

func convertVersion(v string) (uint16, error) {
if v == "" {
return tls.VersionTLS12, nil // default
}
val, ok := tlsVersions[v]
if !ok {
return 0, fmt.Errorf("unsupported TLS version: %q", v)
Expand Down

0 comments on commit 24c3467

Please sign in to comment.