As the default value is TLS 1.0, which is considered insecure, it is recommended to explicitly set MinVersion to a secure version of TLS.

Gerasimos (Makis) Maropoulos 2022-03-06 19:43:09 +02:00
parent 410e5eae83
commit a5c43f1d9d
No known key found for this signature in database
GPG Key ID: 66FCC29BD385FCA6
5 changed files with 6 additions and 5 deletions


@ -22,7 +22,7 @@ import (
// Look `ProxyHandlerRemote` too.
func ProxyHandler(target *url.URL, config *tls.Config) *httputil.ReverseProxy {
if config == nil {
config = &tls.Config{}
config = &tls.Config{MinVersion: tls.VersionTLS11}
}
director := func(req *http.Request) {
@ -89,7 +89,7 @@ func modifyProxiedRequest(req *http.Request, target *url.URL) {
// Look `ProxyHandler` too.
func ProxyHandlerRemote(target *url.URL, config *tls.Config) *httputil.ReverseProxy {
if config == nil {
config = &tls.Config{}
config = &tls.Config{MinVersion: tls.VersionTLS11}
}
director := func(req *http.Request) {
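Review bot: `tls.VersionTLS11` in the nil-config fallback of ProxyHandler and ProxyHandlerRemote is still a deprecated protocol version (RFC 8996 retires both TLS 1.0 and TLS 1.1), so the new floor falls short of the "secure version" the commit message asks for. From Go 1.18 on, crypto/tls clients default to TLS 1.2 when MinVersion is unset, so if this config ends up on the proxy's outbound transport the explicit value lowers the floor on newer toolchains instead of raising it. I would write `config = &tls.Config{MinVersion: tls.VersionTLS12}` in both functions and use the same constant in the TestProxy, newTester and NewInsecure hunks. A caller-supplied config whose MinVersion is left at zero is not touched by this branch, which the doc comments should state. Both function bodies continue past the end of their hunks.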


@ -27,6 +27,7 @@ func TestProxy(t *testing.T) {
config := &tls.Config{
InsecureSkipVerify: true,
MinVersion: tls.VersionTLS11,
MaxVersion: tls.VersionTLS12,
}
proxy := host.NewProxy("", u, config)


@ -25,7 +25,7 @@ func newTester(t *testing.T, baseURL string, handler http.Handler) *httpexpect.E
if strings.HasPrefix(baseURL, "http") { // means we are testing real serve time
transporter = &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
TLSClientConfig: &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS11},
}
} else { // means we are testing the handler itself
transporter = httpexpect.NewBinder(handler)


@ -145,7 +145,7 @@ func LETSENCRYPT(addr string, reuse bool, serverName string, cacheDirOptional ..
} else {
m.Cache = autocert.DirCache(cacheDir)
}
tlsConfig := &tls.Config{GetCertificate: m.GetCertificate}
tlsConfig := &tls.Config{GetCertificate: m.GetCertificate, MinVersion: tls.VersionTLS13}
// use InsecureSkipVerify or ServerName to a value
if serverName == "" {
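Review bot: The `MinVersion: tls.VersionTLS13` floor in LETSENCRYPT is hard-coded, so clients that can only negotiate TLS 1.2 are refused, and nothing visible in the hunk lets a caller relax it. It is also inconsistent with the TLS 1.1 floor the same commit sets for the proxy handlers. If TLS 1.3-only is intended, say so in the function's doc comment, for example `// The server accepts TLS 1.3 only; clients limited to TLS 1.2 cannot connect.`; otherwise `MinVersion: tls.VersionTLS12` is the conventional floor. The function body starts and ends outside the hunk.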


@ -153,7 +153,7 @@ func NewInsecure(t *testing.T, setters ...OptionSetter) *httpexpect.Expect {
setter.Set(conf)
}
transport := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // lint:ignore
TLSClientConfig: &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS11}, // lint:ignore
}
testConfiguration := httpexpect.Config{