Set minimum TLS version in all tls.Config objects
parent
04cfa4f88d
commit
46d34130ac
|
@ -215,6 +215,7 @@ type ConfigEntry struct {
|
||||||
|
|
||||||
func (c *ConfigEntry) GetTLSConfig(host string) (*tls.Config, error) {
|
func (c *ConfigEntry) GetTLSConfig(host string) (*tls.Config, error) {
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := &tls.Config{
|
||||||
|
MinVersion: VersionTLS12,
|
||||||
ServerName: host,
|
ServerName: host,
|
||||||
}
|
}
|
||||||
if c.InsecureTLS {
|
if c.InsecureTLS {
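Review bot: The added field is written as `MinVersion: VersionTLS12,` with no package qualifier, while the same literal names its type as `tls.Config`. Unless this package declares its own `VersionTLS12` or dot-imports crypto/tls, the identifier is unresolved and the file will not build. It should read `MinVersion: tls.VersionTLS12,`. The same unqualified name is added in the hunks for createSession, ParsedCertBundle.GetTLSConfig and setupTLSConfig. GetTLSConfig's body continues past the end of this hunk.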
|
||||||
|
|
|
@ -50,6 +50,7 @@ func createSession(cfg *sessionConfig, s logical.Storage) (*gocql.Session, error
|
||||||
if cfg.TLS {
|
if cfg.TLS {
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := &tls.Config{
|
||||||
InsecureSkipVerify: cfg.InsecureTLS,
|
InsecureSkipVerify: cfg.InsecureTLS,
|
||||||
|
MinVersion: VersionTLS12,
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(cfg.Certificate) > 0 || len(cfg.IssuingCA) > 0 {
|
if len(cfg.Certificate) > 0 || len(cfg.IssuingCA) > 0 {
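Review bot: The new protocol floor sits next to `InsecureSkipVerify: cfg.InsecureTLS`, and a TLS 1.2 minimum does nothing for peer authentication when that flag is true. A short comment on the literal would keep readers from over-reading the hardening, for example `// MinVersion only bounds the protocol version; with InsecureTLS set the server certificate is still not verified.` The same applies to the `InsecureSkipVerify: insecureSkipVerify` line in the setupTLSConfig hunk. createSession starts and ends outside this hunk.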
|
||||||
|
|
|
@ -438,6 +438,7 @@ func (p *ParsedCertBundle) GetTLSConfig(usage TLSUsage) (*tls.Config, error) {
|
||||||
|
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := &tls.Config{
|
||||||
NextProtos: []string{"http/1.1"},
|
NextProtos: []string{"http/1.1"},
|
||||||
|
MinVersion: VersionTLS12,
|
||||||
}
|
}
|
||||||
|
|
||||||
if p.Certificate != nil {
|
if p.Certificate != nil {
|
||||||
|
|
|
@ -191,6 +191,7 @@ func setupTLSConfig(conf map[string]string) (*tls.Config, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsClientConfig := &tls.Config{
|
tlsClientConfig := &tls.Config{
|
||||||
|
MinVersion: VersionTLS12,
|
||||||
InsecureSkipVerify: insecureSkipVerify,
|
InsecureSkipVerify: insecureSkipVerify,
|
||||||
ServerName: serverName[0],
|
ServerName: serverName[0],
|
||||||
}
|
}
|
||||||
|
|