From 99a88c3bf27b6c37fa618056fdea7c6a41450d3f Mon Sep 17 00:00:00 2001
From: darkspir
Date: Sat, 8 Feb 2025 12:18:16 +0100
Subject: [PATCH] README.md: Fixed typo main.go: Added error for unknown TLS min versions main.go: Changed CurvePreferences in TLS config to Go default main.go: Removed handling for TLS min versions 1.0 and 1.1
Signed-off-by: darkspir
---
 README.md | 2 +-
 cmd/rest-server/main.go | 9 +--------
 2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index d09340a..12f6b18 100644
--- a/README.md
+++ b/README.md
@@ -49,7 +49,7 @@ Flags:
 --tls turn on TLS support
 --tls-cert string TLS certificate path
 --tls-key string TLS key path
- --tls-min-ver string TLS min version (default: 1.2) (default "1.2")
+ --tls-min-ver string TLS min version (default: 1.2)
 -v, --version version for rest-server
 ```
diff --git a/cmd/rest-server/main.go b/cmd/rest-server/main.go
index df927ed..d1d2216 100644
--- a/cmd/rest-server/main.go
+++ b/cmd/rest-server/main.go
@@ -167,7 +167,6 @@ func (app *restServerApp) runRoot(cmd *cobra.Command, args []string) error {
 tlscfg := &tls.Config{
 MinVersion: tls.VersionTLS12,
- CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 CipherSuites: []uint16{
 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
@@ -178,18 +177,12 @@ func (app *restServerApp) runRoot(cmd *cobra.Command, args []string) error {
 },
 }
 switch app.Server.TLSMinVer {
- case "1.0":
- // Only available with GODEBUG="tls10server=1"
- tlscfg.MinVersion = tls.VersionTLS10
- case "1.1":
- // Only available with GODEBUG="tls10server=1"
- tlscfg.MinVersion = tls.VersionTLS11
 case "1.2":
 tlscfg.MinVersion = tls.VersionTLS12
 case "1.3":
 tlscfg.MinVersion = tls.VersionTLS13
 default:
- tlscfg.MinVersion = tls.VersionTLS12
+ return fmt.Errorf("Unsupported TLS min version: %s", app.Server.TLSMinVer)
 }
 srv := &http.Server{
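Review bot: The new `default:` branch of the `TLSMinVer` switch formats its error with a capitalised message and `%s`, so an empty value prints as nothing after the colon and the string departs from Go's lowercase error convention; I would write `return fmt.Errorf("unsupported TLS min version %q (supported: 1.2, 1.3)", app.Server.TLSMinVer)`. Failing closed is the right choice, but it is a behaviour change: a deployment that still passes `--tls-min-ver 1.0` or `1.1`, or a typo that used to fall back to 1.2, now stops at startup, so the accepted values belong in the flag help and the changelog. The hunk does not show whether this switch sits inside the TLS-enabled branch; if it does not, an invalid value would also keep a plain-HTTP server from starting. runRoot begins and ends outside the hunk.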