Don't accept TLS 1.0/1.1 Connections (Azure#3378)

* Update dbokten server * Update frontend * Update portal * Update proxy --------- Co-authored-by: Nicolas Ontiveros <[email protected]>
tsatam · Feb 16, 2024 · 7f99749 · 7f99749
1 parent 00a44ec
commit 7f99749
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 0 deletions.
diff --git a/pkg/dbtoken/server.go b/pkg/dbtoken/server.go
@@ -64,6 +64,7 @@ func NewServer(
 		},
 		NextProtos:             []string{"h2", "http/1.1"},
 		SessionTicketsDisabled: true,
+		MinVersion:             tls.VersionTLS12,
 		CurvePreferences: []tls.CurveID{
 			tls.CurveP256,
 			tls.X25519,

diff --git a/pkg/frontend/frontend.go b/pkg/frontend/frontend.go
@@ -203,6 +203,7 @@ func NewFrontend(ctx context.Context,
 		NextProtos:             []string{"h2", "http/1.1"},
 		ClientAuth:             tls.RequestClientCert,
 		SessionTicketsDisabled: true,
+		MinVersion:             tls.VersionTLS12,
 		CurvePreferences: []tls.CurveID{
 			tls.CurveP256,
 			tls.X25519,

diff --git a/pkg/portal/portal.go b/pkg/portal/portal.go
@@ -214,6 +214,7 @@ func (p *portal) Run(ctx context.Context) error {
 		},
 		NextProtos:             []string{"h2", "http/1.1"},
 		SessionTicketsDisabled: true,
+		MinVersion:             tls.VersionTLS12,
 		CurvePreferences: []tls.CurveID{
 			tls.CurveP256,
 			tls.X25519,

diff --git a/pkg/proxy/proxy.go b/pkg/proxy/proxy.go
@@ -76,6 +76,7 @@ func (s *Server) Run() error {
 		ClientCAs:              pool,
 		ClientAuth:             tls.RequireAndVerifyClientCert,
 		SessionTicketsDisabled: true,
+		MinVersion:             tls.VersionTLS12,
 		CurvePreferences: []tls.CurveID{
 			tls.CurveP256,
 			tls.X25519,