Set minimum TLS version in all tls.Config objects

vishalnayak 2016-07-12 17:06:28 -04:00
parent 04cfa4f88d
commit 46d34130ac
4 changed files with 4 additions and 0 deletions


@ -215,6 +215,7 @@ type ConfigEntry struct {
func (c *ConfigEntry) GetTLSConfig(host string) (*tls.Config, error) { func (c *ConfigEntry) GetTLSConfig(host string) (*tls.Config, error) {
tlsConfig := &tls.Config{ tlsConfig := &tls.Config{
MinVersion: VersionTLS12,
ServerName: host, ServerName: host,
} }
if c.InsecureTLS { if c.InsecureTLS {
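Review bot: `VersionTLS12` on the added line has no package qualifier, while the literal around it is written as `tls.Config`, so unless this package declares its own `VersionTLS12` (nothing in the hunk shows that) the file will not compile. The constant is exported by crypto/tls, so the line should read `MinVersion: tls.VersionTLS12,`. The same unqualified name appears in the added lines of the other three hunks (createSession, ParsedCertBundle.GetTLSConfig and setupTLSConfig) and needs the same change. GetTLSConfig's body continues past the end of this hunk.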


@ -50,6 +50,7 @@ func createSession(cfg *sessionConfig, s logical.Storage) (*gocql.Session, error
if cfg.TLS { if cfg.TLS {
tlsConfig := &tls.Config{ tlsConfig := &tls.Config{
InsecureSkipVerify: cfg.InsecureTLS, InsecureSkipVerify: cfg.InsecureTLS,
MinVersion: VersionTLS12,
} }
if len(cfg.Certificate) > 0 || len(cfg.IssuingCA) > 0 { if len(cfg.Certificate) > 0 || len(cfg.IssuingCA) > 0 {
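Review bot: The new TLS 1.2 floor sits directly beside `InsecureSkipVerify: cfg.InsecureTLS`, and when that flag is set the server certificate is not verified, so the floor by itself does not authenticate the peer. A comment at the literal would keep the change from being read as full transport hardening, for example `// MinVersion sets the protocol floor only; with InsecureTLS the peer is still unauthenticated.` createSession starts and ends outside the hunk, so whether the insecure mode is logged or restricted elsewhere cannot be seen from here.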


@ -438,6 +438,7 @@ func (p *ParsedCertBundle) GetTLSConfig(usage TLSUsage) (*tls.Config, error) {
tlsConfig := &tls.Config{ tlsConfig := &tls.Config{
NextProtos: []string{"http/1.1"}, NextProtos: []string{"http/1.1"},
MinVersion: VersionTLS12,
} }
if p.Certificate != nil { if p.Certificate != nil {


@ -191,6 +191,7 @@ func setupTLSConfig(conf map[string]string) (*tls.Config, error) {
} }
tlsClientConfig := &tls.Config{ tlsClientConfig := &tls.Config{
MinVersion: VersionTLS12,
InsecureSkipVerify: insecureSkipVerify, InsecureSkipVerify: insecureSkipVerify,
ServerName: serverName[0], ServerName: serverName[0],
} }
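Review bot: The TLS 1.2 floor is written as a literal here, and the same value is repeated in the three other files this commit touches, so a later change to the floor has to be made in four places and can drift. A single package-level default that all four literals reference would keep them consistent. Since setupTLSConfig already receives a `conf` map, it would also help to document at the literal that the floor is fixed, for example `// Minimum TLS 1.2; not read from conf.` The hunk starts inside the function body, so any earlier handling of `conf` is not visible.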