471 "Authorization": "Basic " + basicAuth(appName, config.Tokens(ctx).Docker()),
472 }),
473 dockerclient.WithDialContext(func(ctx context.Context, network, addr string) (net.Conn, error) {
474 return tls.Dial("tcp", parsedHostUrl.Host+":443", &tls.Config{})475 }),
476 }
477
// NOTE(review): HTTP client with a custom dialer. The dialer ignores the
// network and addr arguments it is given and always opens a TLS connection to
// <app.Name>.fly.dev:443, so every request from this client lands on that host.
233 client := &http.Client{
234 Transport: &http.Transport{
// NOTE(review): ctx is accepted but never forwarded. tls.Dial takes no context,
// so the request's cancellation or deadline does not bound the TCP connect or
// the TLS handshake. tls.Dialer's DialContext would honour it; confirm the
// project's Go version provides it.
235 DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
// NOTE(review): &tls.Config{} sets no fields. Certificate verification stays
// enabled (InsecureSkipVerify is false by default), but MinVersion and
// MaxVersion are left to the crypto/tls defaults of whichever Go release builds
// this code. Presumably that is what the check flags here. Setting
// MinVersion: tls.VersionTLS12 makes the floor explicit.
236 return tls.Dial("tcp", fmt.Sprintf("%s.fly.dev:443", app.Name), &tls.Config{})237 },
238 },
239 }
Insecure configuration of TLS connection settings. Refer to the occurrence to understand the exact misconfiguration.
The following configurations are flagged by our systems:
- `InsecureSkipVerify` set to `true` in the TLS config, which turns off verification of the server's certificate chain and host name -- https://golang.org/pkg/crypto/tls/#Config
- `MinVersion` or `MaxVersion` set too low. Refer to this compatibility document before making changes -- https://wiki.mozilla.org/Security/ServerSideTLS#Modern_compatibility
// Insecure minimum version
package main
import "crypto/tls"
// main is the flagged (insecure) example: it builds a tls.Config whose minimum
// protocol version is left at zero.
func main() {
// BAD: MinVersion 0 pins no floor, so crypto/tls falls back to its built-in
// default. On older Go releases that default still admits TLS 1.0 and 1.1
// (clients before Go 1.18, servers before Go 1.22), so the accepted protocol
// range depends on the toolchain rather than on this code.
config := &tls.Config{MinVersion: 0}
// The rest of the example is elided on the page.
...
}
package main
import "crypto/tls"
// saferTLSConfig is the compliant example: it pins the lowest protocol version
// a connection may negotiate to TLS 1.2 and shows two acceptable ways to set
// the upper bound. The config is built for illustration only and is not
// returned.
func saferTLSConfig() {
	// GOOD: an explicit floor of TLS 1.2 does not depend on the package default.
	config := &tls.Config{MinVersion: tls.VersionTLS12}

	// Alternative 1: cap the negotiated version at TLS 1.3 explicitly.
	config.MaxVersion = tls.VersionTLS13

	// Alternative 2 (use instead of alternative 1; when both lines run, as they
	// do here, this assignment is the one that takes effect).
	// GOOD: MaxVersion 0 means the highest version available in the package
	// will be used.
	config.MaxVersion = 0
}