From d4f73cf40aed7acd08ff61af32b014fd69370af5 Mon Sep 17 00:00:00 2001 From: Ed Warnicke Date: Sun, 15 May 2022 14:38:32 -0500 Subject: [PATCH] Set minumum TLS version to 1.2 Signed-off-by: Ed Warnicke --- internal/imports/gen.go | 2 +- internal/imports/imports_linux.go | 1 + main.go | 14 ++++++++------ 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/internal/imports/gen.go b/internal/imports/gen.go index d4eafe4..9c4e13d 100644 --- a/internal/imports/gen.go +++ b/internal/imports/gen.go @@ -18,5 +18,5 @@ package imports //go:generate bash -c "rm -rf imports*.go" -//go:generate bash -c "cd $(mktemp -d) && GO111MODULE=on go get github.com/edwarnicke/imports-gen@v1.1.2" +//go:generate bash -c "cd $(mktemp -d) && GO111MODULE=on go install github.com/edwarnicke/imports-gen@v1.1.2" //go:generate bash -c "GOOS=linux ${GOPATH}/bin/imports-gen" diff --git a/internal/imports/imports_linux.go b/internal/imports/imports_linux.go index c21dfc1..85fdfe8 100644 --- a/internal/imports/imports_linux.go +++ b/internal/imports/imports_linux.go @@ -3,6 +3,7 @@ package imports import ( _ "context" + _ "crypto/tls" _ "fmt" _ "git.fd.io/govpp.git/api" _ "github.com/antonfisher/nested-logrus-formatter" diff --git a/main.go b/main.go index 8435056..23ce4da 100644 --- a/main.go +++ b/main.go @@ -21,6 +21,7 @@ package main import ( "context" + "crypto/tls" "fmt" "github.com/google/uuid" @@ -232,6 +233,11 @@ func main() { } log.FromContext(ctx).Infof("SVID: %q", svid.ID) + tlsClientConfig := tlsconfig.MTLSClientConfig(source, source, tlsconfig.AuthorizeAny()) + tlsClientConfig.MinVersion = tls.VersionTLS12 + tlsServerConfig := tlsconfig.MTLSServerConfig(source, source, tlsconfig.AuthorizeAny()) + tlsServerConfig.MinVersion = tls.VersionTLS12 + // ******************************************************************************** log.FromContext(ctx).Infof("executing phase 5: create vl3-nse") // ******************************************************************************** 
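Review bot: Both configs added in the `main()` hunk at `@@ -232,6 +233,11 @@` are still built with `tlsconfig.AuthorizeAny()`, so setting `MinVersion` raises the protocol floor but any peer whose SVID verifies against the bundle from `source` is accepted, whatever its SPIFFE ID. This is carried over from the removed call sites rather than introduced here, and peer authorization may be enforced at a higher layer that the hunk does not show. Now that the configs are named variables, this is the natural place to record that decision, e.g. `// AuthorizeAny: peer SPIFFE ID is not restricted at the TLS layer; authorization is done elsewhere (confirm where)`, or to narrow it with `tlsconfig.AuthorizeMemberOf(...)` if the trust domain is known. A short comment on why the floor is 1.2 rather than 1.3 would also help the next reader. `main()` begins and ends outside the hunk.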
@@ -262,9 +268,7 @@ func main() {
 ),
 grpc.WithTransportCredentials(
 grpcfd.TransportCredentials(
- credentials.NewTLS(
- tlsconfig.MTLSClientConfig(source, source, tlsconfig.AuthorizeAny()),
- ),
+ credentials.NewTLS(tlsClientConfig),
 ),
 ),
 )
@@ -371,9 +375,7 @@ func createVl3Endpoint(ctx context.Context, config *Config, vppConn vpphelper.Co
 tracing.WithTracing(),
 grpc.Creds(
 grpcfd.TransportCredentials(
- credentials.NewTLS(
- tlsconfig.MTLSServerConfig(source, source, tlsconfig.AuthorizeAny()),
- ),
+ credentials.NewTLS(tlsServerConfig),
 ),
 ),
 )
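Review bot: `tlsServerConfig` in the `createVl3Endpoint` hunk (`@@ -371,9 +375,7 @@`) is declared with `:=` inside `main()` in the earlier `@@ -232,6 +233,11 @@` hunk, so it is not in scope in this separate function unless it already exists there as a parameter or package-level variable. The hunk header shows the start of the signature unchanged, and the 8 insertions the diffstat reports for main.go are all accounted for by the visible `+` lines, so the patch does not appear to add a parameter; as shown this would likely fail to compile with an undefined name, and the TLS floor would never ship. Either pass the config in by adding `tlsServerConfig *tls.Config` to the signature and to the call in `main()`, or build it locally with `cfg := tlsconfig.MTLSServerConfig(source, source, tlsconfig.AuthorizeAny())` followed by `cfg.MinVersion = tls.VersionTLS12`. The signature is truncated in the hunk header and the function body continues outside the hunk, so this should be confirmed against the full file.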