TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-12-03 02:21:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmd/derper: disable TLS 1.0 and 1.1.

Browse Source 
Updates tailscale/corp#3568

Signed-off-by: David Anderson <danderson@tailscale.com>
This commit is contained in:
David Anderson
2022-01-27 16:51:30 -08:00
committed by Dave Anderson
parent 69392411d9
commit f5ec916214
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/derper/derper.go
View File

@@ -241,6 +241,8 @@ func main() {
cert.Certificate = append(cert.Certificate, s.MetaCert()) cert.Certificate = append(cert.Certificate, s.MetaCert())
return cert, nil return cert, nil
} }
// Disable TLS 1.0 and 1.1, which are obsolete and have security issues.
httpsrv.TLSConfig.MinVersion = tls.VersionTLS12
httpsrv.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { httpsrv.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.TLS != nil { if r.TLS != nil {
label := "unknown" label := "unknown"