From 4fac479dfd5f4fa2c954050197478f90b3090ee2 Mon Sep 17 00:00:00 2001
From: Artem Torubarov
Date: Tue, 19 Nov 2024 09:57:23 +0100
Subject: [PATCH] redis tls min version
Signed-off-by: Artem Torubarov
---
 pkg/util/redis.go | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/pkg/util/redis.go b/pkg/util/redis.go
index a47c2ee..47ff5eb 100644
--- a/pkg/util/redis.go
+++ b/pkg/util/redis.go
@@ -19,7 +19,10 @@ func NewRedis(conf *config.Redis, db int) redis.UniversalClient {
 MasterName: conf.Sentinel.MasterName,
 }
 if conf.TLS.Enabled {
- opt.TLSConfig = &tls.Config{InsecureSkipVerify: conf.TLS.Insecure}
+ opt.TLSConfig = &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ InsecureSkipVerify: conf.TLS.Insecure,
+ }
 }
 return redis.NewUniversalClient(opt)
 }
@@ -30,7 +33,10 @@ func NewRedisAsynq(conf *config.Redis, db int) asynq.RedisConnOpt {
 // Standalone
 opt := asynq.RedisClientOpt{Addr: addresses[0], Username: conf.User, Password: conf.Password, DB: db}
 if conf.TLS.Enabled {
- opt.TLSConfig = &tls.Config{InsecureSkipVerify: conf.TLS.Insecure}
+ opt.TLSConfig = &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ InsecureSkipVerify: conf.TLS.Insecure,
+ }
 }
 return &opt
 }
@@ -46,7 +52,10 @@ func NewRedisAsynq(conf *config.Redis, db int) asynq.RedisConnOpt {
 DB: db,
 }
 if conf.TLS.Enabled {
- opt.TLSConfig = &tls.Config{InsecureSkipVerify: conf.TLS.Insecure}
+ opt.TLSConfig = &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ InsecureSkipVerify: conf.TLS.Insecure,
+ }
 }
 return &opt
 }
@@ -57,7 +66,10 @@ func NewRedisAsynq(conf *config.Redis, db int) asynq.RedisConnOpt {
 Password: conf.Password,
 }
 if conf.TLS.Enabled {
- opt.TLSConfig = &tls.Config{InsecureSkipVerify: conf.TLS.Insecure}
+ opt.TLSConfig = &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ InsecureSkipVerify: conf.TLS.Insecure,
+ }
 }
 return &opt
 }
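Review bot: In the NewRedis hunk the new `MinVersion: tls.VersionTLS12` sits beside `InsecureSkipVerify: conf.TLS.Insecure`, and when that flag is true the client still accepts any certificate and hostname, so the version floor does not authenticate the server. The same pairing appears in the three NewRedisAsynq hunks, where `Password: conf.Password` is set on the same options and would then go to an unverified peer. I would add a comment above the field such as `// InsecureSkipVerify disables certificate and hostname checks; leave conf.TLS.Insecure false outside local testing`, and consider logging a warning once when it is enabled. NewRedis begins before this hunk, so how the rest of `opt` is built is not visible here.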
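Review bot: The four-line `tls.Config` literal added in the standalone branch of NewRedisAsynq is repeated verbatim in the two later NewRedisAsynq hunks and in NewRedis, so any later hardening (a CA pool, a server name, a higher version floor) has to be made in four places and one is easily missed. A small unexported helper would keep all Redis clients on one TLS policy and give a single place to document the `InsecureSkipVerify` risk. This assumes each `TLSConfig` field is a `*tls.Config`, as the existing assignments suggest. NewRedisAsynq starts and ends outside the hunk.

```go
// redisTLSConfig builds the TLS settings shared by every Redis client in this package.
func redisTLSConfig(conf *config.Redis) *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		// Disables certificate and hostname verification when set; local testing only.
		InsecureSkipVerify: conf.TLS.Insecure,
	}
}

// … unchanged: option construction in NewRedis / NewRedisAsynq …
if conf.TLS.Enabled {
	opt.TLSConfig = redisTLSConfig(conf)
}
```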