Forráskód Böngészése

pkg: set minimum TLS version to 1.0 (disable SSL3)

SSLv3 is no longer considered secure, and is not supported by golang
clients. Set the minimum version of all TLSConfigs that etcd uses to
ensure that only TLS >=1.0 can be used.
Jonathan Boulle 11 éve
szülő
commit
e334148a91
1 módosított fájl, 5 hozzáadás és 3 törlés
  1. 5 3
      pkg/transport/listener.go

+ 5 - 3
pkg/transport/listener.go

@@ -89,9 +89,11 @@ func (info TLSInfo) baseConfig() (*tls.Config, error) {
 		return nil, err
 		return nil, err
 	}
 	}
 
 
-	var cfg tls.Config
-	cfg.Certificates = []tls.Certificate{tlsCert}
-	return &cfg, nil
+	cfg := &tls.Config{
+		Certificates: []tls.Certificate{tlsCert},
+		MinVersion:   tls.VersionTLS10,
+	}
+	return cfg, nil
 }
 }
 
 
 // ServerConfig generates a tls.Config object for use by an HTTP server
 // ServerConfig generates a tls.Config object for use by an HTTP server