Add option to specify the tls-min-version for the server

2025-06-15 00:15:00 +02:00 · 2021-12-17 00:01:32 +01:00
parent 11699a822a
commit e03cf87dd8
8 changed files with 93 additions and 8 deletions
--- a/pkg/http/server.go
+++ b/pkg/http/server.go
@ -91,7 +91,7 @@ func (s *server) setupTLSListener(opts Opts) error {
 	}

 	config := &tls.Config{
-		MinVersion: tls.VersionTLS12,
+		MinVersion: tls.VersionTLS12, // default, override below
 		MaxVersion: tls.VersionTLS13,
 		NextProtos: []string{"http/1.1"},
 	}
@ -104,6 +104,17 @@ func (s *server) setupTLSListener(opts Opts) error {
 	}
 	config.Certificates = []tls.Certificate{cert}

+	if len(opts.TLS.MinVersion) > 0 {
+		switch opts.TLS.MinVersion {
+		case "TLS1.2":
+			config.MinVersion = tls.VersionTLS12
+		case "TLS1.3":
+			config.MinVersion = tls.VersionTLS13
+		default:
+			return errors.New("unknown TLS MinVersion config provided")
+		}
+	}
+
 	listenAddr := getListenAddress(opts.SecureBindAddress)

 	listener, err := net.Listen("tcp", listenAddr)