fix(tls): downgrade minimum version to TLS 1.2 to avoid proxy problems EE-3152 (#6909)

2025-07-24 15:59:41 +02:00 · 2022-05-10 15:33:53 -03:00 · 2022-05-10 15:33:53 -03:00 · ad7545f009
commit ad7545f009
parent 5df30b9eb0
1 changed files with 12 additions and 1 deletions
--- a/api/crypto/tls.go
+++ b/api/crypto/tls.go
@ -9,7 +9,18 @@ import (
 // CreateServerTLSConfiguration creates a basic tls.Config to be used by servers with recommended TLS settings
 func CreateServerTLSConfiguration() *tls.Config {
 	return &tls.Config{
-		MinVersion: tls.VersionTLS13,
+		MinVersion: tls.VersionTLS12,
+		CipherSuites: []uint16{
+			tls.TLS_AES_128_GCM_SHA256,
+			tls.TLS_AES_256_GCM_SHA384,
+			tls.TLS_CHACHA20_POLY1305_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+		},
 	}
 }