MinVersion is missing from this TLS configuration: tls.Config

client := &http.Client{
	Transport: &http.Transport{
		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
			return tls.Dial("tcp", fmt.Sprintf("%s.fly.dev:443", builderApp.Name), &tls.Config{})
		},
	},
}

Description
MinVersion is missing from this TLS configuration. As the default value is TLS 1.0, which is considered insecure, it is recommended to explicitly set the MinVersion to a secure version of TLS, such as VersionTLS13.
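
Bad practice
client := &http.Client{
	Transport: &http.Transport{
		TLSClientConfig: &tls.Config{ // no MinVersion: the library default applies
			KeyLogWriter:       w, // logs TLS session secrets; debugging only
			Rand:               rand{},
			InsecureSkipVerify: true, // disables certificate verification; test servers only
		},
	},
}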

Recommended
client := &http.Client{
	Transport: &http.Transport{
		TLSClientConfig: &tls.Config{
			KeyLogWriter:       w, // logs TLS session secrets; debugging only
			MinVersion:         tls.VersionTLS13, // min version set
			Rand:               rand{},
			InsecureSkipVerify: true, // disables certificate verification; test servers only
		},
	},
}
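
Added example (not part of the original page or of the flagged project): a loopback check of what MinVersion does during the handshake, with a tls.Dialer in DialTLSContext standing in for the bare tls.Dial call flagged above. The names newClient and probe are made up for this example, and the server is the self-signed test server from net/http/httptest.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newClient (hypothetical helper) returns an HTTP client that dials TLS itself,
// refuses anything below minVersion and trusts only the certificates in roots.
func newClient(roots *x509.CertPool, minVersion uint16) *http.Client {
	d := &tls.Dialer{Config: &tls.Config{RootCAs: roots, MinVersion: minVersion}}
	// Unlike tls.Dial, Dialer.DialContext honours the request context
	// (cancellation and deadlines) while connecting and handshaking.
	return &http.Client{Transport: &http.Transport{DialTLSContext: d.DialContext}}
}

// probe (hypothetical helper) starts a loopback HTTPS server capped at serverMax
// and returns the TLS version negotiated by a client whose floor is clientMin.
// A handshake refused because of the version floor comes back as an error.
func probe(serverMax, clientMin uint16) (uint16, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{MaxVersion: serverMax}
	srv.StartTLS()
	defer srv.Close()

	// Trust the test server's self-signed certificate instead of
	// switching verification off with InsecureSkipVerify.
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())

	resp, err := newClient(roots, clientMin).Get(srv.URL)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.TLS.Version, nil
}

func main() {
	v, err := probe(tls.VersionTLS13, tls.VersionTLS13)
	fmt.Printf("server max 1.3, client min 1.3: version=%#x err=%v\n", v, err)
	v, err = probe(tls.VersionTLS12, tls.VersionTLS13)
	fmt.Printf("server max 1.2, client min 1.3: version=%#x err=%v\n", v, err)
}
```

The second call fails during the handshake because the client offers nothing below TLS 1.3, which is the refusal an explicit MinVersion is meant to guarantee.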