From 0ef1d4dc1596d1b5a7ec468ab9cef03fec277132 Mon Sep 17 00:00:00 2001
From: Julien Pivotto <roidelapluie@inuits.eu>
Date: Sat, 25 Apr 2020 15:51:32 +0200
Subject: [PATCH] TLS: only support TLS 1.2

TLS 1.0 and 1.1 are deprecated by major vendors (e.g. browsers).

Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
---
 https/tls_config.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/https/tls_config.go b/https/tls_config.go
index 7d381b84..4b298627 100644
--- a/https/tls_config.go
+++ b/https/tls_config.go
@@ -50,7 +50,9 @@ func getTLSConfig(configPath string) (*tls.Config, error) {
 
 // ConfigToTLSConfig generates the golang tls.Config from the TLSStruct config.
 func ConfigToTLSConfig(c *TLSStruct) (*tls.Config, error) {
-	cfg := &tls.Config{}
+	cfg := &tls.Config{
+		MinVersion: tls.VersionTLS12,
+	}
 	if len(c.TLSCertPath) == 0 {
 		return nil, errors.New("missing TLSCertPath")
 	}