124 }
125
126 t := common.NewDefaultTransport()
127 t.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}128
129 proxy.Transport = t
130
19 }
20
21 if common.DefaultBool(opts.TLS, false) {
22 cn = tls.Client(cn, &tls.Config{})23 }
24
25 if err := common.Pipe(cn, rw); err != nil {
27 t := NewDefaultTransport()
28
29 t.TLSClientConfig = &tls.Config{
30 InsecureSkipVerify: true,31 }
32
33 return &http.Client{Transport: t}
Insecure configuration of TLS connection settings. Refer to the occurrence to understand the exact misconfiguration.
The following configurations are flagged by our systems:
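- `InsecureSkipVerify` set to true in TLS config -- https://golang.org/pkg/crypto/tls/#Config
  With this set, the client accepts any certificate and any host name in it, so the connection is open to interception unless the peer is verified some other way.
- `MinVersion` or `MaxVersion` too low. Refer to this compatibility document before making changes -- https://wiki.mozilla.org/Security/ServerSideTLS#Modern_compatibility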
// Insecure minimum version
package main
import "crypto/tls"
// main reproduces the flagged pattern: a tls.Config built with MinVersion set to 0.
func main() {
// MinVersion 0 sets no explicit floor, so the crypto/tls default applies.
// NOTE(review): that default depends on the Go release and was TLS 1.0 on
// older ones; confirm it for the toolchain in use.
config := &tls.Config{MinVersion: 0}
// The rest of the example is elided in the original.
...
}
package main
import "crypto/tls"
// saferTLSConfig illustrates a tls.Config with an explicit TLS 1.2 floor.
// The value is built for illustration only and is discarded on return.
func saferTLSConfig() {
	// Pin the lowest acceptable protocol version and cap the highest at TLS 1.3.
	cfg := &tls.Config{
		MinVersion: tls.VersionTLS12,
		MaxVersion: tls.VersionTLS13,
	}

	// Alternative to the explicit cap. GOOD: MaxVersion 0 means the highest
	// version available in the package will be used.
	cfg.MaxVersion = 0
}