Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing incorrect default TLS min and TLS max versions #5480

Merged
merged 6 commits into from
Jun 27, 2022
Merged

Fixing incorrect default TLS min and TLS max versions #5480

Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
1231434
Fixing incorrect TLS min and TLS max Versions by default
bushwhackr Jun 7, 2022
ecb7cb0
Added test cases for TLS min and TLS max versions
bushwhackr Jun 7, 2022
486bdce
Added entry to changelog
bushwhackr Jun 7, 2022
f6b19f5
Added Invalid TLS test cases
bushwhackr Jun 8, 2022
5158851
TLS MinVersion and TLS MaxVersion defaults to be handled by crypto/tls
bushwhackr Jun 9, 2022
d67c723
Removed description that can go out of sync
bushwhackr Jun 9, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Fixing incorrect TLS min and TLS max Versions by default
  • Loading branch information
@bushwhackr
bushwhackr committed Jun 23, 2022
commit 12314343f6748b6f12be0f4b94b6d09358145b20
10 changes: 7 additions & 3 deletions config/configtls/configtls.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,13 @@ func (c TLSSetting) loadTLSConfig() (*tls.Config, error) {
getClientCertificate = func(cri *tls.CertificateRequestInfo) (*tls.Certificate, error) { return certReloader.GetCertificate() }
}

// Setting default TLS minVersion
if c.MinVersion == "" {
c.MinVersion = "1.0"
}
if c.MaxVersion == "" {
c.MaxVersion = "1.3"
}
minTLS, err := convertVersion(c.MinVersion)
if err != nil {
return nil, fmt.Errorf("invalid TLS min_version: %w", err)
Expand Down Expand Up @@ -240,9 +247,6 @@ func (c TLSServerSetting) LoadTLSConfig() (*tls.Config, error) {
}

func convertVersion(v string) (uint16, error) {
if v == "" {
return tls.VersionTLS12, nil // default
}
val, ok := tlsVersions[v]
if !ok {
return 0, fmt.Errorf("unsupported TLS version: %q", v)
Expand Down