Merge pull request #194 from NikitaSkrynnik/tls12

Set minumum TLS version to 1.2
networkservicemesh · May 29, 2022 · 8230a6a · 8230a6a
2 parents e956530 + fad6ba0
commit 8230a6a
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/main.go b/main.go
@@ -21,6 +21,7 @@ package main
 
 import (
 	"context"
+	"crypto/tls"
 	"io/ioutil"
 	"net/url"
 	"os"
@@ -164,6 +165,11 @@ func main() {
 	}
 	logger.Infof("SVID: %q", svid.ID)
 
+	tlsClientConfig := tlsconfig.MTLSClientConfig(source, source, tlsconfig.AuthorizeAny())
+	tlsClientConfig.MinVersion = tls.VersionTLS12
+	tlsServerConfig := tlsconfig.MTLSServerConfig(source, source, tlsconfig.AuthorizeAny())
+	tlsServerConfig.MinVersion = tls.VersionTLS12
+
 	// ********************************************************************************
 	logger.Infof("executing phase 3: getting kubernetes config and pod description")
 	// ********************************************************************************
@@ -202,7 +208,7 @@ func main() {
 		grpc.Creds(
 			grpcfd.TransportCredentials(
 				credentials.NewTLS(
-					tlsconfig.MTLSServerConfig(source, source, tlsconfig.AuthorizeAny()),
+					tlsServerConfig,
 				),
 			),
 		),
@@ -229,7 +235,7 @@ func main() {
 		grpc.WithTransportCredentials(
 			grpcfd.TransportCredentials(
 				credentials.NewTLS(
-					tlsconfig.MTLSClientConfig(source, source, tlsconfig.AuthorizeAny()),
+					tlsClientConfig,
 				),
 			),
 		),