Avoid fallback to SSL protocols < TLS1.0

Signed-off-by: Tibor Vass <teabee89@gmail.com>

Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Upstream-commit: 7a062b2b8f7751fbb926e6ddc9f7df8a1b281eb6
Component: engine
Daniel, Dao Quang Minh
2014-10-15 22:39:51 -04:00
parent f5ae3b0b1b
commit 8091e3851f
3 changed files with 9 additions and 1 deletions


@ -1439,6 +1439,8 @@ func ListenAndServe(proto, addr string, job *engine.Job) error {
tlsConfig := &tls.Config{
NextProtos: []string{"http/1.1"},
Certificates: []tls.Certificate{cert},
// Avoid fallback on insecure SSL protocols
MinVersion: tls.VersionTLS10,
}
if job.GetenvBool("TlsVerify") {
certPool := x509.NewCertPool()
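Review bot: `MinVersion: tls.VersionTLS10` in the `tls.Config` literal rules out SSLv3, but it still lets a client negotiate TLS 1.0 or 1.1, both of which have since been formally deprecated (RFC 8996). If every supported client can speak it, the floor would be better as `MinVersion: tls.VersionTLS12`, with the comment reworded to `// Reject SSLv3 and TLS < 1.2; older clients will fail the handshake`. No `CipherSuites` list is set in the visible lines, so suite selection is left to the Go defaults, and it is worth confirming that this is intended. ListenAndServe starts and ends outside this hunk, so the `TlsVerify` branch is only partly visible here.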