Kaynağa Gözat

pkg: set minimum TLS version to 1.0 (disable SSL3)

SSLv3 is no longer considered secure, and is not supported by golang
clients. Set the minimum version of all TLSConfigs that etcd uses to
ensure that only TLS >=1.0 can be used.
Jonathan Boulle 11 yıl önce
ebeveyn
işleme
e334148a91
1 değiştirilmiş dosya ile 5 ekleme ve 3 silme
  1. 5 3
      pkg/transport/listener.go

+ 5 - 3
pkg/transport/listener.go

@@ -89,9 +89,11 @@ func (info TLSInfo) baseConfig() (*tls.Config, error) {
 		return nil, err
 	}
 
-	var cfg tls.Config
-	cfg.Certificates = []tls.Certificate{tlsCert}
-	return &cfg, nil
+	cfg := &tls.Config{
+		Certificates: []tls.Certificate{tlsCert},
+		MinVersion:   tls.VersionTLS10,
+	}
+	return cfg, nil
 }
 
 // ServerConfig generates a tls.Config object for use by an HTTP server