Merge: * app, dnsforward: add MinVersion for TLS configs #651
* commit 'c82887d3aa3332cf4d7a7dda22f51b160be306b3': * app, dnsforward: add MinVersion for TLS configs
This commit is contained in:
commit
61554ba4e0
1
app.go
1
app.go
@ -197,6 +197,7 @@ func run(args options) {
|
||||
Addr: address,
|
||||
TLSConfig: &tls.Config{
|
||||
Certificates: []tls.Certificate{cert},
|
||||
MinVersion: tls.VersionTLS12,
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -175,7 +175,10 @@ func (s *Server) startInternal(config *ServerConfig) error {
|
||||
if err != nil {
|
||||
return errorx.Decorate(err, "Failed to parse TLS keypair")
|
||||
}
|
||||
proxyConfig.TLSConfig = &tls.Config{Certificates: []tls.Certificate{keypair}}
|
||||
proxyConfig.TLSConfig = &tls.Config{
|
||||
Certificates: []tls.Certificate{keypair},
|
||||
MinVersion: tls.VersionTLS12,
|
||||
}
|
||||
}
|
||||
|
||||
if proxyConfig.UDPListenAddr == nil {
|
||||
|
@ -101,7 +101,11 @@ func TestDotServer(t *testing.T) {
|
||||
// Add our self-signed generated config to roots
|
||||
roots := x509.NewCertPool()
|
||||
roots.AppendCertsFromPEM(certPem)
|
||||
tlsConfig := &tls.Config{ServerName: tlsServerName, RootCAs: roots}
|
||||
tlsConfig := &tls.Config{
|
||||
ServerName: tlsServerName,
|
||||
RootCAs: roots,
|
||||
MinVersion: tls.VersionTLS12,
|
||||
}
|
||||
|
||||
// Create a DNS-over-TLS client connection
|
||||
addr := s.dnsProxy.Addr(proxy.ProtoTLS)
|
||||
@ -459,7 +463,7 @@ func createServerTLSConfig(t *testing.T) (*tls.Config, []byte, []byte) {
|
||||
t.Fatalf("failed to create certificate: %s", err)
|
||||
}
|
||||
|
||||
return &tls.Config{Certificates: []tls.Certificate{cert}, ServerName: tlsServerName}, certPem, keyPem
|
||||
return &tls.Config{Certificates: []tls.Certificate{cert}, ServerName: tlsServerName, MinVersion: tls.VersionTLS12}, certPem, keyPem
|
||||
}
|
||||
|
||||
func createDataDir(t *testing.T) string {
|
||||
|
Loading…
Reference in New Issue
Block a user