Require TLS 1.2 minimum.
This prevents a downgrade attack to the vulnerable SSLv3. While here, go ahead and require at least TLS 1.2 since TLS 1.0 and 1.1 have their own set of issues and it's only a matter of time before those would need to be completely avoided as well.
This commit is contained in:
Josh Rickmar
Dave Collins
parent
6eabd7c014
commit
df3779f780
1 changed files with 1 additions and 0 deletions
|
|
@ -333,6 +333,7 @@ func newRPCServer(listenAddrs []string, maxPost, maxWebsockets int64) (*rpcServe
|
||||||
|
|
||||||
tlsConfig := tls.Config{
|
tlsConfig := tls.Config{
|
||||||
Certificates: []tls.Certificate{keypair},
|
Certificates: []tls.Certificate{keypair},
|
||||||
|
MinVersion: tls.VersionTLS12,
|
||||||
}
|
}
|
||||||
|
|
||||||
ipv4ListenAddrs, ipv6ListenAddrs, err := parseListeners(listenAddrs)
|
ipv4ListenAddrs, ipv6ListenAddrs, err := parseListeners(listenAddrs)
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue