pkg: set minimum TLS version to 1.0 (disable SSL3)

SSLv3 is no longer considered secure, and is not supported by golang
clients. Set the minimum version of all TLSConfigs that etcd uses to
ensure that only TLS >=1.0 can be used.

pkg/transport/listener.go

@@ -89,9 +89,11 @@ func (info TLSInfo) baseConfig() (*tls.Config, error) {
 		return nil, err
 	}
 
-	var cfg tls.Config
-	cfg.Certificates = []tls.Certificate{tlsCert}
-	return &cfg, nil
+	cfg := &tls.Config{
+		Certificates: []tls.Certificate{tlsCert},
+		MinVersion:   tls.VersionTLS10,
+	}
+	return cfg, nil
 }
 
 // ServerConfig generates a tls.Config object for use by an HTTP server