Require TLS 1.2 minimum.

This prevents a downgrade attack to the vulnerable SSLv3. While here, go ahead and require at least TLS 1.2 since TLS 1.0 and 1.1 have their own set of issues and it's only a matter of time before those would need to be completely avoided as well.
2014-12-15 14:00:01 -05:00 · 2014-12-15 14:00:01 -05:00 · df3779f780
commit df3779f780
parent 6eabd7c014
1 changed files with 1 additions and 0 deletions
--- a/rpcserver.go
+++ b/rpcserver.go
@ -333,6 +333,7 @@ func newRPCServer(listenAddrs []string, maxPost, maxWebsockets int64) (*rpcServe

 	tlsConfig := tls.Config{
 		Certificates: []tls.Certificate{keypair},
+		MinVersion:   tls.VersionTLS12,
 	}

 	ipv4ListenAddrs, ipv6ListenAddrs, err := parseListeners(listenAddrs)