Add and fix gosec

2025-08-25 08:37:47 +00:00 · 2021-11-15 18:31:52 +00:00
parent 715542ac1c
commit c4d4c9c4e4
5 changed files with 10 additions and 9 deletions
--- a/app.go
+++ b/app.go
@@ -638,10 +638,12 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
 		if !strings.HasPrefix(h.cfg.ServerURL, "https://") {
 			log.Warn().Msg("Listening with TLS but ServerURL does not start with https://")
 		}
-		tlsConfig := &tls.Config{}
-		tlsConfig.ClientAuth = tls.RequireAnyClientCert
-		tlsConfig.NextProtos = []string{"http/1.1"}
-		tlsConfig.Certificates = make([]tls.Certificate, 1)
+		tlsConfig := &tls.Config{
+			ClientAuth:   tls.RequireAnyClientCert,
+			NextProtos:   []string{"http/1.1"},
+			Certificates: make([]tls.Certificate, 1),
+			MinVersion:   tls.VersionTLS12,
+		}
 		tlsConfig.Certificates[0], err = tls.LoadX509KeyPair(h.cfg.TLSCertPath, h.cfg.TLSKeyPath)

 		return tlsConfig, err