require tls 1.2

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2026-05-14 19:24:14 -04:00 · 2024-10-22 10:56:04 +02:00
parent dd66ee19d1
commit 6b97c74c40
5 changed files with 11 additions and 2 deletions
--- a/ocis-pkg/service/grpc/client.go
+++ b/ocis-pkg/service/grpc/client.go
@@ -81,7 +81,9 @@ func NewClient(opts ...ClientOption) (client.Client, error) {
 		}
 		cOpts = append(cOpts, mgrpcc.AuthTLS(tlsConfig))
 	case "on":
-		tlsConfig = &tls.Config{}
+		tlsConfig = &tls.Config{
+			MinVersion: tls.VersionTLS12,
+		}
 		// Note: If caCert is empty we use the system's default set of trusted CAs
 		if options.caCert != "" {
 			certs := x509.NewCertPool()
--- a/ocis/pkg/command/benchmark.go
+++ b/ocis/pkg/command/benchmark.go
@@ -207,7 +207,10 @@ func client(o clientOptions) error {
 	for i := 0; i < o.jobs; i++ {
 		go func(i int) {
 			tr := &http.Transport{
-				TLSClientConfig: &tls.Config{InsecureSkipVerify: o.insecure},
+				TLSClientConfig: &tls.Config{
+					MinVersion:         tls.VersionTLS12,
+					InsecureSkipVerify: o.insecure,
+				},
 			}
 			client := &http.Client{Transport: tr}

--- a/services/collaboration/pkg/connector/contentconnector.go
+++ b/services/collaboration/pkg/connector/contentconnector.go
@@ -148,6 +148,7 @@ func (c *ContentConnector) GetFile(ctx context.Context, w http.ResponseWriter) e
 	httpClient := http.Client{
 		Transport: &http.Transport{
 			TLSClientConfig: &tls.Config{
+				MinVersion:         tls.VersionTLS12,
 				InsecureSkipVerify: c.cfg.CS3Api.DataGateway.Insecure,
 			},
 		},
@@ -312,6 +313,7 @@ func (c *ContentConnector) PutFile(ctx context.Context, stream io.Reader, stream
 		httpClient := http.Client{
 			Transport: &http.Transport{
 				TLSClientConfig: &tls.Config{
+					MinVersion:         tls.VersionTLS12,
 					InsecureSkipVerify: c.cfg.CS3Api.DataGateway.Insecure,
 				},
 			},
--- a/services/collaboration/pkg/helpers/discovery.go
+++ b/services/collaboration/pkg/helpers/discovery.go
@@ -22,6 +22,7 @@ func GetAppURLs(cfg *config.Config, logger log.Logger) (map[string]map[string]st
 	httpClient := http.Client{
 		Transport: &http.Transport{
 			TLSClientConfig: &tls.Config{
+				MinVersion:         tls.VersionTLS12,
 				InsecureSkipVerify: cfg.App.Insecure,
 			},
 		},
--- a/services/collaboration/pkg/proofkeys/handler.go
+++ b/services/collaboration/pkg/proofkeys/handler.go
@@ -198,6 +198,7 @@ func (vh *VerifyHandler) fetchPublicKeys(logger *zerolog.Logger) (*PubKeys, erro
 	httpClient := http.Client{
 		Transport: &http.Transport{
 			TLSClientConfig: &tls.Config{
+				MinVersion:         tls.VersionTLS12,
 				InsecureSkipVerify: vh.insecure,
 			},
 		},