tls: Change default tls minimum version to 1.2 (#2053)

2025-02-05 16:48:27 +03:00 · 2018-03-10 16:39:07 +01:00 · 2018-03-10 16:39:07 +01:00 · 13dfffd203
commit 13dfffd203
parent 5552dcbbc7
2 changed files with 3 additions and 3 deletions
--- a/caddytls/config.go
+++ b/caddytls/config.go
@ -511,7 +511,7 @@ func SetDefaultTLSParams(config *Config) {
 	// Set default protocol min and max versions - must balance compatibility and security
 	if config.ProtocolMinVersion == 0 {
-		config.ProtocolMinVersion = tls.VersionTLS11
+		config.ProtocolMinVersion = tls.VersionTLS12
 	}
 	if config.ProtocolMaxVersion == 0 {
 		config.ProtocolMaxVersion = tls.VersionTLS12
--- a/caddytls/setup_test.go
+++ b/caddytls/setup_test.go
@ -67,8 +67,8 @@ func TestSetupParseBasic(t *testing.T) {
 	}
 	// Security defaults
-	if cfg.ProtocolMinVersion != tls.VersionTLS11 {
+	if cfg.ProtocolMinVersion != tls.VersionTLS12 {
-		t.Errorf("Expected 'tls1.1 (0x0302)' as ProtocolMinVersion, got %#v", cfg.ProtocolMinVersion)
+		t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMinVersion, got %#v", cfg.ProtocolMinVersion)
 	}
 	if cfg.ProtocolMaxVersion != tls.VersionTLS12 {
 		t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMaxVersion, got %v", cfg.ProtocolMaxVersion)