Commit 2475123d authored by Jordan Liggitt's avatar Jordan Liggitt

Bump minimum TLS version from SSLv3 to TLSv1.0

parent 0f88d149
......@@ -224,6 +224,8 @@ func main() {
WriteTimeout: 5 * time.Minute,
MaxHeaderBytes: 1 << 20,
TLSConfig: &tls.Config{
// Change default from SSLv3 to TLSv1.0 (because of POODLE vulnerability)
MinVersion: tls.VersionTLS10,
// Populate PeerCertificates in requests, but don't reject connections without certificates
// This allows certificates to be validated by authenticators, while still allowing other auth types
ClientAuth: tls.RequestClientCert,
......
......@@ -68,6 +68,8 @@ func NewClientCertTLSTransport(certFile, keyFile, caFile string) (*http.Transpor
certPool.AppendCertsFromPEM(data)
return &http.Transport{
TLSClientConfig: &tls.Config{
// Change default from SSLv3 to TLSv1.0 (because of POODLE vulnerability)
MinVersion: tls.VersionTLS10,
Certificates: []tls.Certificate{
cert,
},
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment