CalvinBackup/ctrld
1
0
Fork 0
mirror of https://github.com/Control-D-Inc/ctrld.git synced 2026-05-27 12:52:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

all: explicit TLS MinVersion in tls.Config

Browse Source 
Go's default is already TLS 1.2+ (since Go 1.18), but making this
explicit satisfies RFC 7858/9250 recommendations and makes the security
intent clear for auditors.
This commit is contained in:
Cuong Manh Le
2026-05-08 15:03:28 +07:00
committed by Cuong Manh Le
parent 1735d3d55b
commit 8e2ef7ca65
8 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config_quic.go
+1 -1
View File
@@ -18,7 +18,7 @@ func (uc *UpstreamConfig) newDOH3Transport(ctx context.Context, addrs []string)
return nil
}
rt := &http3.Transport{}
rt.TLSClientConfig = &tls.Config{RootCAs: uc.certPool}
rt.TLSClientConfig = &tls.Config{RootCAs: uc.certPool, MinVersion: tls.VersionTLS12}
logger := LoggerFromCtx(ctx)
rt.Dial = func(ctx context.Context, addr string, tlsCfg *tls.Config, cfg *quic.Config) (*quic.Conn, error) {
_, port, _ := net.SplitHostPort(addr)