From 8191da97651a5e3f987b88b37647abc300d84658 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Fri, 5 Jan 2024 09:35:43 +0100 Subject: [PATCH] Change MinTLSVersion to TLSv1.2 (#437) Co-authored-by: djshow832 --- lib/config/proxy.go | 8 ++++---- pkg/server/api/config_test.go | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/config/proxy.go b/lib/config/proxy.go index 7fbe5774..eeb888a8 100644 --- a/lib/config/proxy.go +++ b/lib/config/proxy.go @@ -145,10 +145,10 @@ func NewConfig() *Config { cfg.Log.LogFile.MaxBackups = 3 cfg.Advance.IgnoreWrongNamespace = true - cfg.Security.SQLTLS.MinTLSVersion = "1.1" - cfg.Security.ServerSQLTLS.MinTLSVersion = "1.1" - cfg.Security.ServerHTTPTLS.MinTLSVersion = "1.1" - cfg.Security.ClusterTLS.MinTLSVersion = "1.1" + cfg.Security.SQLTLS.MinTLSVersion = "1.2" + cfg.Security.ServerSQLTLS.MinTLSVersion = "1.2" + cfg.Security.ServerHTTPTLS.MinTLSVersion = "1.2" + cfg.Security.ClusterTLS.MinTLSVersion = "1.2" return &cfg } diff --git a/pkg/server/api/config_test.go b/pkg/server/api/config_test.go index 3b19ba47..02700139 100644 --- a/pkg/server/api/config_test.go +++ b/pkg/server/api/config_test.go @@ -50,16 +50,16 @@ ignore-wrong-namespace = true [security] [security.server-tls] -min-tls-version = '1.1' +min-tls-version = '1.2' [security.server-http-tls] -min-tls-version = '1.1' +min-tls-version = '1.2' [security.cluster-tls] -min-tls-version = '1.1' +min-tls-version = '1.2' [security.sql-tls] -min-tls-version = '1.1' +min-tls-version = '1.2' [log] encoder = 'tidb' @@ -75,7 +75,7 @@ max-backups = 3 doHTTP(t, http.MethodGet, "/api/admin/config?format=json", nil, func(t *testing.T, r *http.Response) { all, err := io.ReadAll(r.Body) require.NoError(t, err) - require.Equal(t, `{"proxy":{"addr":"0.0.0.0:6000","pd-addrs":"127.0.0.1:2379","frontend-keepalive":{"enabled":true},"backend-healthy-keepalive":{"enabled":true,"idle":60000000000,"cnt":5,"intvl":3000000000,"timeout":15000000000},"backend-unhealthy-keepalive":{"enabled":true,"idle":10000000000,"cnt":5,"intvl":1000000000,"timeout":5000000000},"graceful-close-conn-timeout":15},"api":{"addr":"0.0.0.0:3080"},"advance":{"ignore-wrong-namespace":true},"security":{"server-tls":{"min-tls-version":"1.1"},"server-http-tls":{"min-tls-version":"1.1"},"cluster-tls":{"min-tls-version":"1.1"},"sql-tls":{"min-tls-version":"1.1"}},"log":{"encoder":"tidb","level":"info","log-file":{"max-size":300,"max-days":3,"max-backups":3}}}`, + require.Equal(t, `{"proxy":{"addr":"0.0.0.0:6000","pd-addrs":"127.0.0.1:2379","frontend-keepalive":{"enabled":true},"backend-healthy-keepalive":{"enabled":true,"idle":60000000000,"cnt":5,"intvl":3000000000,"timeout":15000000000},"backend-unhealthy-keepalive":{"enabled":true,"idle":10000000000,"cnt":5,"intvl":1000000000,"timeout":5000000000},"graceful-close-conn-timeout":15},"api":{"addr":"0.0.0.0:3080"},"advance":{"ignore-wrong-namespace":true},"security":{"server-tls":{"min-tls-version":"1.2"},"server-http-tls":{"min-tls-version":"1.2"},"cluster-tls":{"min-tls-version":"1.2"},"sql-tls":{"min-tls-version":"1.2"}},"log":{"encoder":"tidb","level":"info","log-file":{"max-size":300,"max-days":3,"max-backups":3}}}`, string(regexp.MustCompile(`"workdir":"[^"]+",`).ReplaceAll(all, nil))) require.Equal(t, http.StatusOK, r.StatusCode) })