From 67410ab230fbf33c3ccb40bb3f5d2a07714e6f54 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Tue, 31 Jan 2017 13:30:25 -0500
Subject: [PATCH] Make TLS 1.2 *explicitly* required for cluster communications
---
 vault/cluster.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/vault/cluster.go b/vault/cluster.go
index d146f98fe..732080759 100644
--- a/vault/cluster.go
+++ b/vault/cluster.go
@@ -377,6 +377,7 @@ func (c *Core) ClusterTLSConfig() (*tls.Config, error) {
 ServerName: parsedCert.Subject.CommonName,
 ClientAuth: tls.RequireAndVerifyClientCert,
 ClientCAs: c.clusterCertPool,
+ MinVersion: tls.VersionTLS12,
 }
 return tlsConfig, nil
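Review bot: The new `MinVersion: tls.VersionTLS12,` field carries no comment saying why the floor is pinned, so a later cleanup could drop it and silently fall back to the crypto/tls default minimum, which depends on the Go release the binary is built with. I would add a line above it such as `// Pin the protocol floor explicitly; do not rely on the crypto/tls default minimum.` A small unit test asserting that `ClusterTLSConfig()` returns a config with `MinVersion == tls.VersionTLS12` would guard against the same regression. The struct literal and the rest of ClusterTLSConfig begin outside this hunk, so I cannot see whether `CipherSuites` is restricted here or whether other `tls.Config` values used for cluster traffic are built elsewhere; if they are, they presumably need the same floor.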