Require TLS 1.2 minimum.

This prevents a downgrade attack to the vulnerable SSLv3. While here, go ahead and require at least TLS 1.2 since TLS 1.0 and 1.1 have their own set of issues and it's only a matter of time before those would need to be completely avoided as well. ok @davecgh
2024-11-19 01:40:07 +01:00 · 2014-12-15 13:44:19 -05:00 · 2014-12-15 13:44:19 -05:00 · 1d0c09a852
commit 1d0c09a852
parent 1c4ac4426c
1 changed files with 1 additions and 0 deletions
--- a/rpcserver.go
+++ b/rpcserver.go
@ -539,6 +539,7 @@ func newRPCServer(listenAddrs []string, s *server) (*rpcServer, error) {

 	tlsConfig := tls.Config{
 		Certificates: []tls.Certificate{keypair},
+		MinVersion:   tls.VersionTLS12,
 	}

 	// TODO(oga) this code is similar to that in server, should be