Merge pull request #496 from NikitaSkrynnik/tls12

Set minumum TLS version to 1.2

main.go

@@ -21,6 +21,7 @@ package main
 
 import (
 	"context"
+	"crypto/tls"
 	"net"
 	"net/url"
 	"os"
@@ -120,7 +121,12 @@ func main() {
 	}
 	logrus.Infof("SVID: %q", svid.ID)
 
-	tlsCreds := credentials.NewTLS(tlsconfig.MTLSServerConfig(source, source, tlsconfig.AuthorizeAny()))
+	tlsClientConfig := tlsconfig.MTLSClientConfig(source, source, tlsconfig.AuthorizeAny())
+	tlsClientConfig.MinVersion = tls.VersionTLS12
+	tlsServerConfig := tlsconfig.MTLSServerConfig(source, source, tlsconfig.AuthorizeAny())
+	tlsServerConfig.MinVersion = tls.VersionTLS12
+
+	tlsCreds := credentials.NewTLS(tlsServerConfig)
 	// Create GRPC Server and register services
 	server := grpc.NewServer(append(tracing.WithTracing(), grpc.Creds(tlsCreds))...)
 
@@ -131,7 +137,7 @@ func main() {
 		grpc.WithTransportCredentials(
 			grpcfd.TransportCredentials(
 				credentials.NewTLS(
-					tlsconfig.MTLSClientConfig(source, source, tlsconfig.AuthorizeAny()),
+					tlsClientConfig,
 				),
 			),
 		),

pkg/imports/gen.go

@@ -2,6 +2,8 @@
 //
 // Copyright (c) 2021 Doc.ai and/or its affiliates.
 //
+// Copyright (c) 2022 Cisco and/or its affiliates.
+//
 // SPDX-License-Identifier: Apache-2.0
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,5 +21,5 @@
 package imports
 
 //go:generate bash -c "rm -rf imports*.go"
-//go:generate bash -c "cd $(mktemp -d) && GO111MODULE=on go get github.com/edwarnicke/imports-gen@v1.1.0"
+//go:generate bash -c "cd $(mktemp -d) && GO111MODULE=on go install github.com/edwarnicke/imports-gen@v1.1.0"
 //go:generate bash -c "GOOS=linux ${GOPATH}/bin/imports-gen"

pkg/imports/imports_linux.go

@@ -3,6 +3,7 @@ package imports
 
 import (
 	_ "context"
+	_ "crypto/tls"
 	_ "fmt"
 	_ "github.com/antonfisher/nested-logrus-formatter"
 	_ "github.com/edwarnicke/exechelper"