summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSolderpunk <solderpunk@sdf.org>2019-06-05 13:32:42 -0400
committerSolderpunk <solderpunk@sdf.org>2019-06-05 13:32:42 -0400
commitc2f90b00069543d2b562f08e0e3c041113bb9128 (patch)
tree508f3891654bf4b5164833d3b9f0c5d57062c63a
parentd80b6676ddc66ffab1f7fbedc1937e14e3adf0e7 (diff)
Set TLS 1.0 as minimum SSL/TLS version, i.e. disallow SSL 3.0.
-rw-r--r--main.go6
1 files changed, 5 insertions, 1 deletions
diff --git a/main.go b/main.go
index 7be9ce3..53e5ec7 100644
--- a/main.go
+++ b/main.go
@@ -2,6 +2,7 @@ package main
import (
"context"
+ "crypto/tls"
"flag"
"fmt"
"log"
@@ -45,8 +46,11 @@ func main() {
errs <- http_server.ListenAndServe()
}()
+ tlscfg := &tls.Config{
+ MinVersion: tls.VersionTLS10,
+ }
// Start the HTTPS server which actually handles most traffic.
- https_server := &http.Server{Addr: ":"+strconv.Itoa(config.HttpsPort), Handler: nil}
+ https_server := &http.Server{Addr: ":"+strconv.Itoa(config.HttpsPort), Handler: nil, TLSConfig: tlscfg}
go func() {
errs <- https_server.ListenAndServeTLS(config.CertPath, config.KeyPath)
}()