logpolicy: force TLS 1.3 handshake

Updates tailscale/tailscale#3363

We know `log.tailscale.io` supports TLS 1.3, so we can enforce its usage in the client to shake some bytes off the TLS handshake each time a connection is opened to upload logs.

Signed-off-by: Andrea Gottardo <andrea@gottardo.me>
This commit is contained in:
Andrea Gottardo 2024-10-02 11:20:49 -07:00 committed by Brad Fitzpatrick
parent 5f88b65764
commit 58c6bc2991

View File

@ -813,6 +813,8 @@ func NewLogtailTransport(host string, netMon *netmon.Monitor, health *health.Tra
} }
tr.TLSClientConfig = tlsdial.Config(host, health, tr.TLSClientConfig) tr.TLSClientConfig = tlsdial.Config(host, health, tr.TLSClientConfig)
// Force TLS 1.3 since we know log.tailscale.io supports it.
tr.TLSClientConfig.MinVersion = tls.VersionTLS13
return tr return tr
} }