mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-11-26 15:05:50 +03:00
* app, dnsforward: add MinVersion for TLS configs
This commit is contained in:
parent
faeda3f075
commit
c82887d3aa
3 changed files with 11 additions and 3 deletions
1
app.go
1
app.go
|
@ -197,6 +197,7 @@ func run(args options) {
|
||||||
Addr: address,
|
Addr: address,
|
||||||
TLSConfig: &tls.Config{
|
TLSConfig: &tls.Config{
|
||||||
Certificates: []tls.Certificate{cert},
|
Certificates: []tls.Certificate{cert},
|
||||||
|
MinVersion: tls.VersionTLS12,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -175,7 +175,10 @@ func (s *Server) startInternal(config *ServerConfig) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errorx.Decorate(err, "Failed to parse TLS keypair")
|
return errorx.Decorate(err, "Failed to parse TLS keypair")
|
||||||
}
|
}
|
||||||
proxyConfig.TLSConfig = &tls.Config{Certificates: []tls.Certificate{keypair}}
|
proxyConfig.TLSConfig = &tls.Config{
|
||||||
|
Certificates: []tls.Certificate{keypair},
|
||||||
|
MinVersion: tls.VersionTLS12,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if proxyConfig.UDPListenAddr == nil {
|
if proxyConfig.UDPListenAddr == nil {
|
||||||
|
|
|
@ -101,7 +101,11 @@ func TestDotServer(t *testing.T) {
|
||||||
// Add our self-signed generated config to roots
|
// Add our self-signed generated config to roots
|
||||||
roots := x509.NewCertPool()
|
roots := x509.NewCertPool()
|
||||||
roots.AppendCertsFromPEM(certPem)
|
roots.AppendCertsFromPEM(certPem)
|
||||||
tlsConfig := &tls.Config{ServerName: tlsServerName, RootCAs: roots}
|
tlsConfig := &tls.Config{
|
||||||
|
ServerName: tlsServerName,
|
||||||
|
RootCAs: roots,
|
||||||
|
MinVersion: tls.VersionTLS12,
|
||||||
|
}
|
||||||
|
|
||||||
// Create a DNS-over-TLS client connection
|
// Create a DNS-over-TLS client connection
|
||||||
addr := s.dnsProxy.Addr(proxy.ProtoTLS)
|
addr := s.dnsProxy.Addr(proxy.ProtoTLS)
|
||||||
|
@ -459,7 +463,7 @@ func createServerTLSConfig(t *testing.T) (*tls.Config, []byte, []byte) {
|
||||||
t.Fatalf("failed to create certificate: %s", err)
|
t.Fatalf("failed to create certificate: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return &tls.Config{Certificates: []tls.Certificate{cert}, ServerName: tlsServerName}, certPem, keyPem
|
return &tls.Config{Certificates: []tls.Certificate{cert}, ServerName: tlsServerName, MinVersion: tls.VersionTLS12}, certPem, keyPem
|
||||||
}
|
}
|
||||||
|
|
||||||
func createDataDir(t *testing.T) string {
|
func createDataDir(t *testing.T) string {
|
||||||
|
|
Loading…
Reference in a new issue