MinVersion
is missing from this TLS configuration GO-S1020MinVersion
is missing from this TLS configuration. As the default value is
TLS 1.0, which is considered insecure, it is recommended to explicitly set the
MinVersion
to a secure version of TLS, such as VersionTLS13
.
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
KeyLogWriter: w,
Rand: rand{},
InsecureSkipVerify: true,
},
},
}
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
KeyLogWriter: w,
MinVersion: tls.VersionTLS13, // min version set
Rand: rand{},
InsecureSkipVerify: true,
},
},
}