tls: require min TLS version 1.3

Deny deprecated TLS versions (1.0 and 1.1). We don't really excpect other clients than NFD itself so we can just request the latest version.
2024-12-14 11:57:51 +00:00 · 2022-02-25 10:08:37 +02:00 · 2022-02-25 10:08:37 +02:00 · f9b4ba87a8
commit f9b4ba87a8
parent 87aca5d997
2 changed files with 2 additions and 0 deletions
--- a/pkg/nfd-client/base.go
+++ b/pkg/nfd-client/base.go
@ -118,6 +118,7 @@ func (w *NfdBaseClient) Connect() error {
 			Certificates: []tls.Certificate{cert},
 			RootCAs:      caPool,
 			ServerName:   w.args.ServerNameOverride,
+			MinVersion:   tls.VersionTLS13,
 		}
 		dialOpts = append(dialOpts, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)))
 	} else {
--- a/pkg/utils/tls.go
+++ b/pkg/utils/tls.go
@ -65,6 +65,7 @@ func (c *TlsConfig) UpdateConfig(certFile, keyFile, caFile string) error {
 		ClientCAs:          caPool,
 		ClientAuth:         tls.RequireAndVerifyClientCert,
 		GetConfigForClient: c.GetConfig,
+		MinVersion:         tls.VersionTLS13,
 	}
 	return nil
 }