Enforce TLS 1.2 minimum

2025-07-19 13:19:43 +02:00 · 2021-03-16 13:58:27 -04:00 · 2021-03-16 13:58:27 -04:00 · adb7b4d7bf
commit adb7b4d7bf
parent 66fcb77d8b
5 changed files with 1081 additions and 1031 deletions
--- a/build.sh
+++ b/build.sh
@ -43,6 +43,7 @@ mkdir -p embed/bindata/onboard
 cp -r domain/onboard/*.json embed/bindata/onboard
 echo "Generating in-memory static assets..."
 export PATH=$PATH:~/go/bin
 # go get -u github.com/jteeuwen/go-bindata/...
 # go get -u github.com/elazarl/go-bindata-assetfs/...
 cd embed
--- a/embed/bindata.go
+++ b/embed/bindata.go
--- a/go.mod
+++ b/go.mod
@ -1,6 +1,6 @@
 module github.com/documize/community
-go 1.13
+go 1.16
 require (
 	cloud.google.com/go v0.57.0 // indirect
--- a/server/server.go
+++ b/server/server.go
@ -12,6 +12,7 @@
 package server
 import (
 	"crypto/tls"
 	"fmt"
 	"net/http"
 	"strings"
@ -122,7 +123,11 @@ func Start(rt *env.Runtime, s *store.Store, ready chan struct{}) {
 		rt.Log.Info("Web Server: starting SSL server on " + rt.Flags.HTTPPort + " with " + rt.Flags.SSLCertFile + " " + rt.Flags.SSLKeyFile)
-		server := &http.Server{Addr: ":" + rt.Flags.HTTPPort, Handler: n /*, TLSConfig: myTLSConfig*/}
+		cfg := &tls.Config{
 			MinVersion: tls.VersionTLS12,
 		}
 		server := &http.Server{Addr: ":" + rt.Flags.HTTPPort, Handler: n, TLSConfig: cfg}
 		server.SetKeepAlivesEnabled(true)
 		if err := server.ListenAndServeTLS(rt.Flags.SSLCertFile, rt.Flags.SSLKeyFile); err != nil {
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -1,29 +1,44 @@
 # cloud.google.com/go v0.57.0
 ## explicit
 # github.com/BurntSushi/toml v0.3.1
 ## explicit
 github.com/BurntSushi/toml
 # github.com/andygrunwald/go-jira v1.12.0
 ## explicit
 github.com/andygrunwald/go-jira
 # github.com/apache/thrift v0.12.0
 ## explicit
 # github.com/codegangsta/negroni v1.0.0
 ## explicit
 github.com/codegangsta/negroni
 # github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc
 ## explicit
 github.com/denisenkom/go-mssqldb
 github.com/denisenkom/go-mssqldb/internal/cp
 github.com/denisenkom/go-mssqldb/internal/decimal
 github.com/denisenkom/go-mssqldb/internal/querytext
 # github.com/dgrijalva/jwt-go v3.2.0+incompatible
 ## explicit
 github.com/dgrijalva/jwt-go
 # github.com/documize/blackfriday v2.0.0+incompatible
 ## explicit
 github.com/documize/blackfriday
 # github.com/documize/glick v0.0.0-20160503134043-a8ccbef88237
 ## explicit
 github.com/documize/glick
 # github.com/documize/html-diff v0.0.0-20160503140253-f61c192c7796
 ## explicit
 github.com/documize/html-diff
 # github.com/documize/slug v1.1.1
 ## explicit
 github.com/documize/slug
 # github.com/elazarl/go-bindata-assetfs v1.0.0
 ## explicit
 github.com/elazarl/go-bindata-assetfs
 # github.com/fatih/structs v1.0.0
 github.com/fatih/structs
 # github.com/go-sql-driver/mysql v1.5.0
 ## explicit
 github.com/go-sql-driver/mysql
 # github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe
 github.com/golang-sql/civil
@ -32,45 +47,68 @@ github.com/golang/glog
 # github.com/golang/protobuf v1.4.0
 github.com/golang/protobuf/proto
 # github.com/google/go-github v17.0.0+incompatible
 ## explicit
 github.com/google/go-github/github
 # github.com/google/go-querystring v1.0.0
 ## explicit
 github.com/google/go-querystring/query
 # github.com/gorilla/handlers v1.4.2
 ## explicit
 github.com/gorilla/handlers
 # github.com/gorilla/mux v1.7.4
 ## explicit
 github.com/gorilla/mux
 # github.com/jmoiron/sqlx v1.2.0
 ## explicit
 github.com/jmoiron/sqlx
 github.com/jmoiron/sqlx/reflectx
 # github.com/jteeuwen/go-bindata v3.0.7+incompatible
 ## explicit
 # github.com/kr/pretty v0.2.0
 ## explicit
 # github.com/lib/pq v1.5.2
 ## explicit
 github.com/lib/pq
 github.com/lib/pq/oid
 github.com/lib/pq/scram
 # github.com/mb0/diff v0.0.0-20131118162322-d8d9a906c24d
 ## explicit
 github.com/mb0/diff
 # github.com/microcosm-cc/bluemonday v1.0.2
 ## explicit
 github.com/microcosm-cc/bluemonday
 # github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d
 ## explicit
 github.com/nu7hatch/gouuid
 # github.com/openzipkin/zipkin-go v0.1.6
 ## explicit
 # github.com/pkg/errors v0.9.1
 ## explicit
 github.com/pkg/errors
 # github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829
 ## explicit
 # github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be
 ## explicit
 github.com/rainycape/unidecode
 # github.com/shurcooL/sanitized_anchor_name v1.0.0
 ## explicit
 github.com/shurcooL/sanitized_anchor_name
 # github.com/trivago/tgo v1.0.1
 github.com/trivago/tgo/tcontainer
 github.com/trivago/tgo/treflect
 # golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37
 ## explicit
 golang.org/x/crypto/bcrypt
 golang.org/x/crypto/blowfish
 golang.org/x/crypto/md4
 # golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2
 ## explicit
 golang.org/x/net/context
 golang.org/x/net/context/ctxhttp
 golang.org/x/net/html
 golang.org/x/net/html/atom
 # golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 ## explicit
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
 # google.golang.org/appengine v1.6.6
@ -110,12 +148,18 @@ google.golang.org/protobuf/reflect/protoregistry
 google.golang.org/protobuf/runtime/protoiface
 google.golang.org/protobuf/runtime/protoimpl
 # gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc
 ## explicit
 gopkg.in/alexcesaro/quotedprintable.v3
 # gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d
 gopkg.in/asn1-ber.v1
 # gopkg.in/cas.v2 v2.1.0
 ## explicit
 gopkg.in/cas.v2
 # gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127
 ## explicit
 # gopkg.in/ldap.v3 v3.1.0
 ## explicit
 gopkg.in/ldap.v3
 # gopkg.in/yaml.v2 v2.2.2
 ## explicit
 gopkg.in/yaml.v2