Skip to content

Commit 7395e3f

Browse files
author
Vincent Demeester
authored
Merge pull request #50 from justincormack/no-tls10
Remove server support for TLS 1.0 and 1.1
2 parents b7274b1 + eed1c49 commit 7395e3f

File tree

2 files changed

+3
-4
lines changed

2 files changed

+3
-4
lines changed

tlsconfig/config.go

+2-2
Original file line numberDiff line numberDiff line change
@@ -65,8 +65,8 @@ var allTLSVersions = map[uint16]struct{}{
6565
// ServerDefault returns a secure-enough TLS configuration for the server TLS configuration.
6666
func ServerDefault(ops ...func(*tls.Config)) *tls.Config {
6767
tlsconfig := &tls.Config{
68-
// Avoid fallback by default to SSL protocols < TLS1.0
69-
MinVersion: tls.VersionTLS10,
68+
// Avoid fallback by default to SSL protocols < TLS1.2
69+
MinVersion: tls.VersionTLS12,
7070
PreferServerCipherSuites: true,
7171
CipherSuites: DefaultServerAcceptedCiphers,
7272
}

tlsconfig/config_test.go

+1-2
Original file line numberDiff line numberDiff line change
@@ -133,7 +133,7 @@ func TestConfigServerTLSServerCertsOnly(t *testing.T) {
133133
if !tlsConfig.PreferServerCipherSuites {
134134
t.Fatal("Expected server to prefer cipher suites")
135135
}
136-
if tlsConfig.MinVersion != tls.VersionTLS10 {
136+
if tlsConfig.MinVersion != tls.VersionTLS12 {
137137
t.Fatal("Unexpected server TLS version")
138138
}
139139
}
@@ -329,7 +329,6 @@ func TestConfigClientDefaultWithTLSMinimumModifier(t *testing.T) {
329329
// minimum version should be set accordingly
330330
func TestConfigServerTLSMinVersionIsSetBasedOnOptions(t *testing.T) {
331331
versions := []uint16{
332-
tls.VersionTLS11,
333332
tls.VersionTLS12,
334333
}
335334
key, cert := getCertAndKey()

0 commit comments

Comments
 (0)