all: explicit TLS MinVersion in tls.Config

Go's default is already TLS 1.2+ (since Go 1.18), but making this
explicit satisfies RFC 7858/9250 recommendations and makes the security
intent clear for auditors.
Cuong Manh Le
2026-05-08 15:03:28 +07:00
committed by Cuong Manh Le
parent 1735d3d55b
commit 8e2ef7ca65
8 changed files with 11 additions and 4 deletions
+2 -1
@@ -11,7 +11,8 @@ func TestCACertPool(t *testing.T) {
c := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
RootCAs: CACertPool(),
RootCAs: CACertPool(),
MinVersion: tls.VersionTLS12,
},
},
Timeout: 2 * time.Second,
+1 -1
@@ -351,7 +351,7 @@ func apiTransport(loggerCtx context.Context, cdDev bool) *http.Transport {
return dial(ctx, "tcp6", addrsFromPort(apiIpsV6, port))
}
if runtime.GOOS == "android" {
transport.TLSClientConfig = &tls.Config{RootCAs: certs.CACertPool()}
transport.TLSClientConfig = &tls.Config{RootCAs: certs.CACertPool(), MinVersion: tls.VersionTLS12}
}
return transport
}
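Review bot: In apiTransport the explicit `MinVersion` is set only inside the `runtime.GOOS == "android"` branch, so on every other platform this transport appears to keep whatever `TLSClientConfig` it already had. That may be nil, in which case the minimum is still Go's implicit default rather than a value an auditor can read in the code. The start of the function is outside the hunk, so this should be confirmed there. If the intent is a visible floor for all API traffic, set it unconditionally with `transport.TLSClientConfig = &tls.Config{MinVersion: tls.VersionTLS12}` before the `if`, and keep only `transport.TLSClientConfig.RootCAs = certs.CACertPool()` inside the Android branch. A short comment such as `// Explicit floor: do not rely on the toolchain default.` would also record why the field is there.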