Change MinTLSVersion to TLSv1.2 (#437)

Co-authored-by: djshow832 <[email protected]>
pingcap · Jan 5, 2024 · 8191da9 · 8191da9
1 parent 9fd81b4
commit 8191da9
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 9 deletions.
diff --git a/lib/config/proxy.go b/lib/config/proxy.go
@@ -145,10 +145,10 @@ func NewConfig() *Config {
 	cfg.Log.LogFile.MaxBackups = 3
 
 	cfg.Advance.IgnoreWrongNamespace = true
-	cfg.Security.SQLTLS.MinTLSVersion = "1.1"
-	cfg.Security.ServerSQLTLS.MinTLSVersion = "1.1"
-	cfg.Security.ServerHTTPTLS.MinTLSVersion = "1.1"
-	cfg.Security.ClusterTLS.MinTLSVersion = "1.1"
+	cfg.Security.SQLTLS.MinTLSVersion = "1.2"
+	cfg.Security.ServerSQLTLS.MinTLSVersion = "1.2"
+	cfg.Security.ServerHTTPTLS.MinTLSVersion = "1.2"
+	cfg.Security.ClusterTLS.MinTLSVersion = "1.2"
 
 	return &cfg
 }

diff --git a/pkg/server/api/config_test.go b/pkg/server/api/config_test.go
@@ -50,16 +50,16 @@ ignore-wrong-namespace = true
 
 [security]
 [security.server-tls]
-min-tls-version = '1.1'
+min-tls-version = '1.2'
 
 [security.server-http-tls]
-min-tls-version = '1.1'
+min-tls-version = '1.2'
 
 [security.cluster-tls]
-min-tls-version = '1.1'
+min-tls-version = '1.2'
 
 [security.sql-tls]
-min-tls-version = '1.1'
+min-tls-version = '1.2'
 
 [log]
 encoder = 'tidb'
@@ -75,7 +75,7 @@ max-backups = 3
 	doHTTP(t, http.MethodGet, "/api/admin/config?format=json", nil, func(t *testing.T, r *http.Response) {
 		all, err := io.ReadAll(r.Body)
 		require.NoError(t, err)
-		require.Equal(t, `{"proxy":{"addr":"0.0.0.0:6000","pd-addrs":"127.0.0.1:2379","frontend-keepalive":{"enabled":true},"backend-healthy-keepalive":{"enabled":true,"idle":60000000000,"cnt":5,"intvl":3000000000,"timeout":15000000000},"backend-unhealthy-keepalive":{"enabled":true,"idle":10000000000,"cnt":5,"intvl":1000000000,"timeout":5000000000},"graceful-close-conn-timeout":15},"api":{"addr":"0.0.0.0:3080"},"advance":{"ignore-wrong-namespace":true},"security":{"server-tls":{"min-tls-version":"1.1"},"server-http-tls":{"min-tls-version":"1.1"},"cluster-tls":{"min-tls-version":"1.1"},"sql-tls":{"min-tls-version":"1.1"}},"log":{"encoder":"tidb","level":"info","log-file":{"max-size":300,"max-days":3,"max-backups":3}}}`,
+		require.Equal(t, `{"proxy":{"addr":"0.0.0.0:6000","pd-addrs":"127.0.0.1:2379","frontend-keepalive":{"enabled":true},"backend-healthy-keepalive":{"enabled":true,"idle":60000000000,"cnt":5,"intvl":3000000000,"timeout":15000000000},"backend-unhealthy-keepalive":{"enabled":true,"idle":10000000000,"cnt":5,"intvl":1000000000,"timeout":5000000000},"graceful-close-conn-timeout":15},"api":{"addr":"0.0.0.0:3080"},"advance":{"ignore-wrong-namespace":true},"security":{"server-tls":{"min-tls-version":"1.2"},"server-http-tls":{"min-tls-version":"1.2"},"cluster-tls":{"min-tls-version":"1.2"},"sql-tls":{"min-tls-version":"1.2"}},"log":{"encoder":"tidb","level":"info","log-file":{"max-size":300,"max-days":3,"max-backups":3}}}`,
 			string(regexp.MustCompile(`"workdir":"[^"]+",`).ReplaceAll(all, nil)))
 		require.Equal(t, http.StatusOK, r.StatusCode)
 	})