CalvinBackup/ctrld
1
0
Fork 0
mirror of https://github.com/Control-D-Inc/ctrld.git synced 2026-05-27 12:52:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

all: explicit TLS MinVersion in tls.Config

Browse Source 
Go's default is already TLS 1.2+ (since Go 1.18), but making this
explicit satisfies RFC 7858/9250 recommendations and makes the security
intent clear for auditors.
This commit is contained in:
Cuong Manh Le
2026-05-08 15:03:28 +07:00
committed by Cuong Manh Le
parent 1735d3d55b
commit 8e2ef7ca65
8 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/controld/config.go
+1 -1
View File
@@ -351,7 +351,7 @@ func apiTransport(loggerCtx context.Context, cdDev bool) *http.Transport {
return dial(ctx, "tcp6", addrsFromPort(apiIpsV6, port))
}
if runtime.GOOS == "android" {
transport.TLSClientConfig = &tls.Config{RootCAs: certs.CACertPool()}
transport.TLSClientConfig = &tls.Config{RootCAs: certs.CACertPool(), MinVersion: tls.VersionTLS12}
}
return transport
}