tls: Change default tls minimum version to 1.2 (#2053)

13dfffd2 · Chris Werner Rau · Matt Holt · 5552dcbb · 13dfffd2 · 13dfffd2
Commit 13dfffd2 authored Mar 10, 2018 by Chris Werner Rau Committed by Matt Holt Mar 10, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

caddytls/config.go caddytls/config.go +1 -1

caddytls/setup_test.go caddytls/setup_test.go +2 -2

No files found.
--- a/caddytls/config.go
+++ b/caddytls/config.go
@@ -511,7 +511,7 @@ func SetDefaultTLSParams(config *Config) {
 	// Set default protocol min and max versions - must balance compatibility and security
 	if config.ProtocolMinVersion == 0 {
-		config.ProtocolMinVersion = tls.VersionTLS11
+		config.ProtocolMinVersion = tls.VersionTLS12
 	}
 	if config.ProtocolMaxVersion == 0 {
 		config.ProtocolMaxVersion = tls.VersionTLS12

--- a/caddytls/setup_test.go
+++ b/caddytls/setup_test.go
@@ -67,8 +67,8 @@ func TestSetupParseBasic(t *testing.T) {
 	}
 	// Security defaults
-	if cfg.ProtocolMinVersion != tls.VersionTLS11 {
+	if cfg.ProtocolMinVersion != tls.VersionTLS12 {
-		t.Errorf("Expected 'tls1.1 (0x0302)' as ProtocolMinVersion, got %#v", cfg.ProtocolMinVersion)
+		t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMinVersion, got %#v", cfg.ProtocolMinVersion)
 	}
 	if cfg.ProtocolMaxVersion != tls.VersionTLS12 {
 		t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMaxVersion, got %v", cfg.ProtocolMaxVersion)