Details
- Improvement
- Resolution: Fixed
- Major
- Security Level: Public
- CBG Sprint 70
Description
Was done in Server as MB-41794; might be worth considering bumping ours too, which is currently still at TLS 1.0. We chose the TLS 1.0 default instead of TLS 1.2 to align with Server at the time.
This config setting controls the publicly facing HTTP APIs when served with TLS (not related to any kind of connection to Server).
Compatibility with browsers/mobile platforms can be found here:
https://support.globalsign.com/ssl/general-ssl/tls-protocol-compatibility
- Android 5+ (2014) - CBL 2.6 was the last release to have deprecated support for Android 4/API 19, so that's our last potential "partial" compatibility.
- iOS 5+ (2011) - CBL 2.0+ requires iOS 9
Regardless of this compatibility, the min TLS version can still be lowered back down to TLS 1.0 via tls_minimum_version=tlsv1 if customers have a requirement to use unsupported devices.
Implementation: bump this const to tls.VersionTLS12!
config.go:46
const DefaultMinimumTLSVersionConst = tls.VersionTLS10
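What the proposed default changes on the wire, as an added Go example that is not the project's own code: an in-memory handshake shows a TLS 1.0-only client being refused under the new default and accepted again once `tls_minimum_version=tlsv1` is set. The `minVersions` table, the `handshake` helper, the `sgw.test` name and the `tlsv1.1`/`tlsv1.2` spellings are assumptions; only `tlsv1` appears in the ticket.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Default proposed in the ticket (the constant was tls.VersionTLS10 before).
const DefaultMinimumTLSVersionConst = tls.VersionTLS12

// Only "tlsv1" appears in the ticket; the other two spellings are assumed.
var minVersions = map[string]uint16{"": DefaultMinimumTLSVersionConst,
	"tlsv1": tls.VersionTLS10, "tlsv1.1": tls.VersionTLS11, "tlsv1.2": tls.VersionTLS12}

// handshake runs an in-memory TLS handshake between a server configured with
// the given tls_minimum_version and a client pinned to clientVersion, and
// returns the client's handshake error (nil on success).
func handshake(setting string, clientVersion uint16) error {
	minVer, ok := minVersions[setting]
	if !ok {
		return fmt.Errorf("unknown tls_minimum_version %q", setting)
	}
	// Constructed throwaway certificate for the hypothetical name sgw.test.
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"sgw.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	srvConn, cliConn := net.Pipe()
	defer srvConn.Close()
	defer cliConn.Close()
	go tls.Server(srvConn, &tls.Config{MinVersion: minVer, Certificates: []tls.Certificate{
		{Certificate: [][]byte{der}, PrivateKey: key}}}).Handshake()
	return tls.Client(cliConn, &tls.Config{RootCAs: roots, ServerName: "sgw.test",
		MinVersion: clientVersion, MaxVersion: clientVersion}).Handshake()
}

func main() {
	fmt.Println("default, TLS 1.0 client:", handshake("", tls.VersionTLS10))
	fmt.Println("tlsv1,   TLS 1.0 client:", handshake("tlsv1", tls.VersionTLS10))
}
```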
Issue Links
- relates to CM-756 Update SGW default minimum TLS to 1.2 (Done)