From fad6ba071223ac7d5f2ca17d56b07f5bf56cde6c Mon Sep 17 00:00:00 2001
From: Nikita Skrynnik
Date: Wed, 18 May 2022 21:44:47 +0700
Subject: [PATCH] add tls 1.2
Signed-off-by: Nikita Skrynnik
---
 main.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/main.go b/main.go
index 7213275..76913a4 100644
--- a/main.go
+++ b/main.go
@@ -21,6 +21,7 @@ package main
 import (
 "context"
+ "crypto/tls"
 "io/ioutil"
 "net/url"
 "os"
@@ -164,6 +165,11 @@ func main() {
 }
 logger.Infof("SVID: %q", svid.ID)
+ tlsClientConfig := tlsconfig.MTLSClientConfig(source, source, tlsconfig.AuthorizeAny())
+ tlsClientConfig.MinVersion = tls.VersionTLS12
+ tlsServerConfig := tlsconfig.MTLSServerConfig(source, source, tlsconfig.AuthorizeAny())
+ tlsServerConfig.MinVersion = tls.VersionTLS12
+
 // ********************************************************************************
 logger.Infof("executing phase 3: getting kubernetes config and pod description")
 // ********************************************************************************
@@ -202,7 +208,7 @@ func main() {
 grpc.Creds(
 grpcfd.TransportCredentials(
 credentials.NewTLS(
- tlsconfig.MTLSServerConfig(source, source, tlsconfig.AuthorizeAny()),
+ tlsServerConfig,
 ),
 ),
 ),
@@ -229,7 +235,7 @@ func main() {
 grpc.WithTransportCredentials(
 grpcfd.TransportCredentials(
 credentials.NewTLS(
- tlsconfig.MTLSClientConfig(source, source, tlsconfig.AuthorizeAny()),
+ tlsClientConfig,
 ),
 ),
 ),
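Review bot: Both configs built in the `@@ -164,6 +165,11 @@` hunk still pass `tlsconfig.AuthorizeAny()`, so the new `MinVersion = tls.VersionTLS12` floor hardens the protocol version while each side keeps accepting any peer whose SVID validates against `source`, whatever its SPIFFE ID. If only workloads from the local trust domain are expected on these connections (not visible in the hunk), `tlsconfig.AuthorizeMemberOf(svid.ID.TrustDomain())` would narrow that; otherwise a comment above the two constructors should state where peer authorization is enforced, since the TLS layer only proves possession of a valid SVID. A one-line comment on the version pin would also help the next reader, e.g. `// Pin TLS >= 1.2 explicitly instead of relying on the Go release's default minimum.` These two configs are the ones the later hunks hand to `credentials.NewTLS`, so the point covers the server and client use sites as well; main's body starts and ends outside the hunk.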