README.md: Fixed typo

main.go: Added error for unknown TLS min versions main.go: Changed CurvePreferences in TLS config to Go default main.go: Removed handling for TLS min versions 1.0 and 1.1 Signed-off-by: darkspir <forgejo.darkspir@teemitmil.ch>
2025-12-07 09:36:13 -08:00 · 2025-02-08 12:18:16 +01:00
parent ba80de0de0
commit 99a88c3bf2
2 changed files with 2 additions and 9 deletions
--- a/README.md
+++ b/README.md
@@ -49,7 +49,7 @@ Flags:
      --tls                    turn on TLS support
      --tls-cert string        TLS certificate path
      --tls-key string         TLS key path
-      --tls-min-ver string     TLS min version (default: 1.2) (default "1.2")
+      --tls-min-ver string     TLS min version (default: 1.2)
  -v, --version                version for rest-server
 ```

--- a/cmd/rest-server/main.go
+++ b/cmd/rest-server/main.go
@@ -167,7 +167,6 @@ func (app *restServerApp) runRoot(cmd *cobra.Command, args []string) error {

 	tlscfg := &tls.Config{
 		MinVersion:       tls.VersionTLS12,
-		CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 		CipherSuites: []uint16{
 			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
@@ -178,18 +177,12 @@ func (app *restServerApp) runRoot(cmd *cobra.Command, args []string) error {
 		},
 	}
 	switch app.Server.TLSMinVer {
-	case "1.0":
-		// Only available with GODEBUG="tls10server=1"
-		tlscfg.MinVersion = tls.VersionTLS10
-	case "1.1":
-		// Only available with GODEBUG="tls10server=1"
-		tlscfg.MinVersion = tls.VersionTLS11
 	case "1.2":
 		tlscfg.MinVersion = tls.VersionTLS12
 	case "1.3":
 		tlscfg.MinVersion = tls.VersionTLS13
 	default:
-		tlscfg.MinVersion = tls.VersionTLS12
+		return fmt.Errorf("Unsupported TLS min version: %s", app.Server.TLSMinVer)
 	}

 	srv := &http.Server{