Disable TLS 1.0/1.1 on inbound HTTPS connections

Andrew Kerr · Andrew Kerr · commit d828602601f6 · 2021-06-16T12:39:25.000-04:00
diff --git a/frontend/rest/apiserver_https.go b/frontend/rest/apiserver_https.go
@@ -1,4 +1,4 @@
-// Copyright 2019 NetApp, Inc. All Rights Reserved.
+// Copyright 2021 NetApp, Inc. All Rights Reserved.
 
 package rest
 
@@ -34,7 +34,7 @@ func NewHTTPSServer(
 		server: &http.Server{
 			Addr:         fmt.Sprintf("%s:%s", address, port),
 			Handler:      &tlsAuthHandler{handler: handler},
-			TLSConfig:    &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert},
+			TLSConfig:    &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: config.MinTLSVersion},
 			ReadTimeout:  config.HTTPTimeout,
 			WriteTimeout: config.HTTPTimeout,
 		},
