From 349b2d61b0e82efda4f713e5d6f2c31f3fa9ff1c Mon Sep 17 00:00:00 2001
From: Izabela Gomes <igomes@vmware.com>
Date: Fri, 2 Jun 2023 22:15:39 -0400
Subject: [PATCH] Change minimum TLS version to 1.3 for internal encryption
 (between activator and queue-proxy) (#13887)

* change mininum TLS version for when internal encryption is activated

* revert tls1.3 for activator - main.go
---
 pkg/activator/certificate/cache.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/activator/certificate/cache.go b/pkg/activator/certificate/cache.go
index 699ace5cc63b..500e417b85b1 100644
--- a/pkg/activator/certificate/cache.go
+++ b/pkg/activator/certificate/cache.go
@@ -103,7 +103,7 @@ func (cr *CertCache) updateCache(secret *corev1.Secret) {
 
 	cr.TLSConf.RootCAs = pool
 	cr.TLSConf.ServerName = certificates.LegacyFakeDnsName
-	cr.TLSConf.MinVersion = tls.VersionTLS12
+	cr.TLSConf.MinVersion = tls.VersionTLS13
 }
 
 func (cr *CertCache) handleCertificateUpdate(_, new interface{}) {