diff --git a/cmd/osbuild-auth-tests/main_test.go b/cmd/osbuild-auth-tests/main_test.go
index a5b2c884f..97da2bddc 100644
--- a/cmd/osbuild-auth-tests/main_test.go
+++ b/cmd/osbuild-auth-tests/main_test.go
@@ -42,6 +42,7 @@ func createTLSConfig(config *connectionConfig) (*tls.Config, error) {
 return &tls.Config{
 RootCAs: roots,
 Certificates: []tls.Certificate{cert},
+ MinVersion: tls.VersionTLS12,
 }, nil
 }
diff --git a/cmd/osbuild-composer/composer.go b/cmd/osbuild-composer/composer.go
index 49b0cf710..051c51383 100644
--- a/cmd/osbuild-composer/composer.go
+++ b/cmd/osbuild-composer/composer.go
@@ -348,6 +348,7 @@ func createTLSConfig(c *connectionConfig) (*tls.Config, error) {
 Certificates: []tls.Certificate{cert},
 ClientAuth: c.ClientAuth,
 ClientCAs: roots,
+ MinVersion: tls.VersionTLS12,
 VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
 for _, chain := range verifiedChains {
 for _, domain := range c.AllowedDomains {
diff --git a/cmd/osbuild-koji-tests/main_test.go b/cmd/osbuild-koji-tests/main_test.go
index 5afb46dd8..002a82d9e 100644
--- a/cmd/osbuild-koji-tests/main_test.go
+++ b/cmd/osbuild-koji-tests/main_test.go
@@ -45,6 +45,7 @@ func TestKojiRefund(t *testing.T) {
 transport.TLSClientConfig = &tls.Config{
 RootCAs: certPool,
+ MinVersion: tls.VersionTLS12,
 }
 // login
@@ -105,6 +106,7 @@ func TestKojiImport(t *testing.T) {
 transport.TLSClientConfig = &tls.Config{
 RootCAs: certPool,
+ MinVersion: tls.VersionTLS12,
 }
 // login
diff --git a/cmd/osbuild-worker/jobimpl-koji-finalize.go b/cmd/osbuild-worker/jobimpl-koji-finalize.go
index 9754cc5a8..41a5808f7 100644
--- a/cmd/osbuild-worker/jobimpl-koji-finalize.go
+++ b/cmd/osbuild-worker/jobimpl-koji-finalize.go
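Review bot: None of the added `MinVersion` lines says why the floor is pinned, starting with createTLSConfig in cmd/osbuild-auth-tests/main_test.go and continuing through the other eight hunks of this commit. The effective default in crypto/tls depends on the Go toolchain version and on whether the config is used as a client or a server, so the explicit value is what actually guarantees TLS 1.2. A short comment on the field, such as `// Pin the floor explicitly; the crypto/tls default varies with the Go version.`, would keep it from being removed later as redundant.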
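Review bot: In createTLSConfig of cmd/osbuild-composer/composer.go the domain allow-list is enforced inside `VerifyPeerCertificate`, but `ClientAuth: c.ClientAuth` is taken straight from configuration, and the callback only receives populated `verifiedChains` when that mode actually verifies the client certificate. With `tls.NoClientCert` the callback is not called on the server at all, and with the request-only modes `verifiedChains` is nil, so the `for _, chain := range verifiedChains` loop has nothing to check. The callback body continues outside the hunk, so whether it fails closed after the loops cannot be confirmed from here. I would either reject any value other than `tls.RequireAndVerifyClientCert` when `c.AllowedDomains` is non-empty, or add the comment `// verifiedChains is empty unless ClientAuth verifies the client cert; must return an error if no chain matched`.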
@@ -28,6 +28,7 @@ func (impl *KojiFinalizeJobImpl) kojiImport(
 transport := http.DefaultTransport.(*http.Transport).Clone()
 transport.TLSClientConfig = &tls.Config{
 Renegotiation: tls.RenegotiateOnceAsClient,
+ MinVersion: tls.VersionTLS12,
 }
 serverURL, err := url.Parse(server)
@@ -65,6 +66,7 @@ func (impl *KojiFinalizeJobImpl) kojiFail(server string, buildID int, token stri
 transport := http.DefaultTransport.(*http.Transport).Clone()
 transport.TLSClientConfig = &tls.Config{
 Renegotiation: tls.RenegotiateOnceAsClient,
+ MinVersion: tls.VersionTLS12,
 }
 serverURL, err := url.Parse(server)
diff --git a/cmd/osbuild-worker/jobimpl-koji-init.go b/cmd/osbuild-worker/jobimpl-koji-init.go
index 21d54b506..f85696e44 100644
--- a/cmd/osbuild-worker/jobimpl-koji-init.go
+++ b/cmd/osbuild-worker/jobimpl-koji-init.go
@@ -21,6 +21,7 @@ func (impl *KojiInitJobImpl) kojiInit(server, name, version, release string) (st
 transport := http.DefaultTransport.(*http.Transport).Clone()
 transport.TLSClientConfig = &tls.Config{
 Renegotiation: tls.RenegotiateOnceAsClient,
+ MinVersion: tls.VersionTLS12,
 }
 serverURL, err := url.Parse(server)
diff --git a/cmd/osbuild-worker/jobimpl-osbuild-koji.go b/cmd/osbuild-worker/jobimpl-osbuild-koji.go
index 46ce1016b..7f60650ce 100644
--- a/cmd/osbuild-worker/jobimpl-osbuild-koji.go
+++ b/cmd/osbuild-worker/jobimpl-osbuild-koji.go
@@ -28,6 +28,7 @@ func (impl *OSBuildKojiJobImpl) kojiUpload(file *os.File, server, directory, fil
 transport := http.DefaultTransport.(*http.Transport).Clone()
 transport.TLSClientConfig = &tls.Config{
 Renegotiation: tls.RenegotiateOnceAsClient,
+ MinVersion: tls.VersionTLS12,
 }
 serverURL, err := url.Parse(server)
diff --git a/cmd/osbuild-worker/main.go b/cmd/osbuild-worker/main.go
index 922fd6126..39de47d13 100644
--- a/cmd/osbuild-worker/main.go
+++ b/cmd/osbuild-worker/main.go
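Review bot: The cloned transport with `Renegotiation: tls.RenegotiateOnceAsClient` and `MinVersion: tls.VersionTLS12` is now written out four times, in kojiImport and kojiFail (jobimpl-koji-finalize.go), kojiInit (jobimpl-koji-init.go) and kojiUpload (jobimpl-osbuild-koji.go), so every TLS policy change has to be repeated in each copy and can silently miss one. A single unexported helper in the worker package that returns the configured `*http.Transport` would keep the policy in one place. It would also be the natural spot for a comment on why renegotiation is allowed, for example `// Renegotiation applies to TLS 1.2 only; TLS 1.3 does not define it.`, since the reason is not visible in these hunks. All four function bodies continue outside their hunks.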
@@ -60,6 +60,7 @@ func createTLSConfig(config *connectionConfig) (*tls.Config, error) {
 return &tls.Config{
 RootCAs: roots,
 Certificates: certs,
+ MinVersion: tls.VersionTLS12,
 }, nil
 }