Set minumum TLS version to 1.2 (#498)

* add tls 1.2 Signed-off-by: Nikita Skrynnik <[email protected]> * fix generation Signed-off-by: Nikita Skrynnik <[email protected]> * fix linter Signed-off-by: Nikita Skrynnik <[email protected]>
networkservicemesh · May 29, 2022 · 608d302 · 608d302
1 parent ef53231
commit 608d302
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 4 deletions.
diff --git a/internal/imports/gen.go b/internal/imports/gen.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2020-2021 Cisco and/or its affiliates.
+// Copyright (c) 2020-2022 Cisco and/or its affiliates.
 //
 // SPDX-License-Identifier: Apache-2.0
 //
@@ -18,5 +18,5 @@
 package imports
 
 //go:generate bash -c "rm -rf imports*.go"
-//go:generate bash -c "cd $(mktemp -d) && GO111MODULE=on go get github.com/edwarnicke/[email protected]"
+//go:generate bash -c "cd $(mktemp -d) && GO111MODULE=on go install github.com/edwarnicke/[email protected]"
 //go:generate bash -c "GOOS=linux ${GOPATH}/bin/imports-gen"
diff --git a/internal/imports/imports_linux.go b/internal/imports/imports_linux.go
@@ -3,6 +3,7 @@ package imports
 
 import (
 	_ "context"
+	_ "crypto/tls"
 	_ "fmt"
 	_ "github.com/antonfisher/nested-logrus-formatter"
 	_ "github.com/edwarnicke/grpcfd"

diff --git a/internal/manager/manager.go b/internal/manager/manager.go
@@ -20,6 +20,7 @@ package manager
 
 import (
 	"context"
+	"crypto/tls"
 	"net"
 	"net/url"
 	"os"
@@ -111,6 +112,11 @@ func RunNsmgr(ctx context.Context, configuration *config.Config) error {
 
 	u := genPublishableURL(configuration.ListenOn, m.logger)
 
+	tlsClientConfig := tlsconfig.MTLSClientConfig(m.source, m.source, tlsconfig.AuthorizeAny())
+	tlsClientConfig.MinVersion = tls.VersionTLS12
+	tlsServerConfig := tlsconfig.MTLSServerConfig(m.source, m.source, tlsconfig.AuthorizeAny())
+	tlsServerConfig.MinVersion = tls.VersionTLS12
+
 	mgrOptions := []nsmgr.Option{
 		nsmgr.WithName(configuration.Name),
 		nsmgr.WithURL(u.String()),
@@ -121,7 +127,7 @@ func RunNsmgr(ctx context.Context, configuration *config.Config) error {
 			append(tracing.WithTracingDial(),
 				grpc.WithTransportCredentials(
 					GrpcfdTransportCredentials(
-						credentials.NewTLS(tlsconfig.MTLSClientConfig(m.source, m.source, tlsconfig.AuthorizeAny())),
+						credentials.NewTLS(tlsClientConfig),
 					),
 				),
 				grpc.WithBlock(),
@@ -147,7 +153,7 @@ func RunNsmgr(ctx context.Context, configuration *config.Config) error {
 		tracing.WithTracing(),
 		grpc.Creds(
 			GrpcfdTransportCredentials(
-				credentials.NewTLS(tlsconfig.MTLSServerConfig(m.source, m.source, tlsconfig.AuthorizeAny())),
+				credentials.NewTLS(tlsServerConfig),
 			),
 		),
 	)