allow to configure the minimum version of TLS to be enabled

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Nicola Murino
2022-02-13 15:56:07 +01:00
parent 66945c0a02
commit 1fccd05e9e
13 changed files with 96 additions and 7 deletions


@@ -63,6 +63,8 @@ type Conf struct {
// any invalid name will be silently ignored.
// The order matters, the ciphers listed first will be the preferred ones.
TLSCipherSuites []string `json:"tls_cipher_suites" mapstructure:"tls_cipher_suites"`
// Defines the minimum TLS version. 13 means TLS 1.3, default is TLS 1.2
MinTLSVersion int `json:"min_tls_version" mapstructure:"min_tls_version"`
}
// ShouldBind returns true if there service must be started
@@ -104,7 +106,7 @@ func (c Conf) Initialize(configDir string) error {
}
config := &tls.Config{
GetCertificate: certMgr.GetCertificateFunc(),
MinVersion: tls.VersionTLS12,
MinVersion: util.GetTLSVersion(c.MinTLSVersion),
NextProtos: []string{"http/1.1", "h2"},
CipherSuites: util.GetTLSCiphersFromNames(c.TLSCipherSuites),
PreferServerCipherSuites: true,
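Review bot: The new `MinVersion: util.GetTLSVersion(c.MinTLSVersion)` line takes an operator-supplied integer with no validation visible in `Initialize`, and the comment on `MinTLSVersion` documents only `13` and the default. `util.GetTLSVersion` is not shown here, but if it maps every unrecognised value to TLS 1.2, a typo in `min_tls_version` (say `14` or `1`) would silently leave TLS 1.2 enabled on a deployment meant to be TLS 1.3 only. I would reject unsupported values at start-up, e.g. `if c.MinTLSVersion != 0 && c.MinTLSVersion != 12 && c.MinTLSVersion != 13 { return fmt.Errorf("invalid min_tls_version %d", c.MinTLSVersion) }` (adjusting the accepted set to what the helper really handles), or at least log the effective minimum, and extend the field comment to state the fallback, e.g. `// 12 means TLS 1.2, 13 means TLS 1.3; any other value falls back to TLS 1.2.` The body of `Initialize` starts and ends outside this hunk.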