3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-04 01:09:36 +02:00
Code Issues Projects Releases Packages Wiki Activity

internal/controlplane: set minimum tls version (#854)

Browse source 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
Bobby DeSimone 2020-06-10 09:08:05 -07:00 committed by GitHub
parent b8ccfee499
commit b00acad517
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
internal/controlplane/xds_listeners.go
View file

@ -361,6 +361,9 @@ func buildDownstreamTLSContext(options *config.Options, domain string) *envoy_ex
envoyCert := envoyTLSCertificateFromGoTLSCertificate(cert)
return &envoy_extensions_transport_sockets_tls_v3.DownstreamTlsContext{
CommonTlsContext: &envoy_extensions_transport_sockets_tls_v3.CommonTlsContext{
TlsParams: &envoy_extensions_transport_sockets_tls_v3.TlsParameters{
TlsMinimumProtocolVersion: envoy_extensions_transport_sockets_tls_v3.TlsParameters_TLSv1_2,
},
TlsCertificates: []*envoy_extensions_transport_sockets_tls_v3.TlsCertificate{envoyCert},
AlpnProtocols: []string{"h2", "http/1.1"},
ValidationContextType: validationContext,

3
internal/controlplane/xds_listeners_test.go
View file

@ -303,6 +303,9 @@ func Test_buildDownstreamTLSContext(t *testing.T) {
testutil.AssertProtoJSONEqual(t, `{
"commonTlsContext": {
"tlsParams": {
"tlsMinimumProtocolVersion": "TLSv1_2"
},
"alpnProtocols": ["h2", "http/1.1"],
"tlsCertificates": [
{