luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Allow specifying a TLS minimum version

This commit is contained in:
Karl Gutwin 2015-07-22 23:19:41 -04:00
parent c0d01df519
commit 2e81d9047d
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
command/server/listener.go
View File

@ -50,10 +50,24 @@ func listenerWrapTLS(
return nil, nil, fmt.Errorf("error loading TLS cert: %s", err) return nil, nil, fmt.Errorf("error loading TLS cert: %s", err)
} }
tlslookup := map[string]uint16{
"tls10": tls.VersionTLS10,
"tls11": tls.VersionTLS11,
"tls12": tls.VersionTLS12,
}
tlsvers, ok := config["tls_min_vers"]
if !ok {
tlsvers = "tls12"
}
tlsConf := &tls.Config{} tlsConf := &tls.Config{}
tlsConf.Certificates = []tls.Certificate{cert} tlsConf.Certificates = []tls.Certificate{cert}
tlsConf.NextProtos = []string{"http/1.1"} tlsConf.NextProtos = []string{"http/1.1"}
tlsConf.MinVersion = tls.VersionTLS12 // Minimum version is TLS 1.2 tlsConf.MinVersion, ok = tlslookup[tlsvers]
if !ok {
return nil, nil, fmt.Errorf("'tls_min_vers' value %s not supported, please specify one of [tls10,tls11,tls12]", tlsvers)
}
tlsConf.ClientAuth = tls.RequestClientCert tlsConf.ClientAuth = tls.RequestClientCert
ln = tls.NewListener(ln, tlsConf) ln = tls.NewListener(ln, tlsConf)