tAllow different TLS versions. - tlstun - simple go program to add tls support to other listeners
(HTM) git clone https://git.parazyd.org/tlstun
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit 39b27c5d1587742ae027a194d09a22102dc92e50
(DIR) parent 2154d3738ec30d05d284afa66f6f41afac39ca1b
(HTM) Author: parazyd <parazyd@dyne.org>
Date: Tue, 9 Jul 2019 15:38:09 +0200
Allow different TLS versions.
Diffstat:
M tlstun.go | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
---
(DIR) diff --git a/tlstun.go b/tlstun.go
t@@ -48,10 +48,7 @@ func tlsConfig(cert, key string) (*tls.Config, error) {
return nil, err
}
- tlscfg := &tls.Config{
- Certificates: []tls.Certificate{creds},
- MinVersion: tls.VersionTLS12,
- }
+ tlscfg := &tls.Config{Certificates: []tls.Certificate{creds}}
if *client {
certpool := x509.NewCertPool()
t@@ -66,6 +63,16 @@ func tlsConfig(cert, key string) (*tls.Config, error) {
tlscfg.ClientAuth = tls.RequireAndVerifyClientCert
}
+ switch *tlsver {
+ case 11:
+ tlscfg.MinVersion = tls.VersionTLS11
+ case 12:
+ tlscfg.MinVersion = tls.VersionTLS12
+ case 13:
+ default:
+ tlscfg.MinVersion = tls.VersionTLS13
+ }
+
return tlscfg, nil
}