added cipher it insecure

dell · Jun 6, 2024 · 0e63ffc · 0e63ffc
1 parent c36cd2e
commit 0e63ffc
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/cmd/sidecar-proxy/main.go b/cmd/sidecar-proxy/main.go
@@ -112,6 +112,9 @@ func (pi *ProxyInstance) Start(proxyHost, access, refresh string) error {
 		pi.rp.Transport = &http.Transport{
 			TLSClientConfig: &tls.Config{
 				InsecureSkipVerify: true,
+				MinVersion:         tls.VersionTLS12,
+				MaxVersion:         tls.VersionTLS13,
+				CipherSuites:       GetSecuredCipherSuites(),
 			},
 		}
 	} else {
@@ -274,6 +277,9 @@ func run(log *logrus.Entry) error {
 	tlsConfig := &tls.Config{
 		Certificates:       []tls.Certificate{tlsCert},
 		InsecureSkipVerify: true, // #nosec G402
+		MinVersion:         tls.VersionTLS12,
+		MaxVersion:         tls.VersionTLS13,
+		CipherSuites:       GetSecuredCipherSuites(),
 	}
 
 	var proxyInstances []*ProxyInstance
@@ -345,6 +351,9 @@ func refreshTokens(proxyHost url.URL, refreshToken string, accessToken *string,
 		httpClient.Transport = &http.Transport{
 			TLSClientConfig: &tls.Config{
 				InsecureSkipVerify: true,
+				MinVersion:         tls.VersionTLS12,
+				MaxVersion:         tls.VersionTLS13,
+				CipherSuites:       GetSecuredCipherSuites(),
 			},
 		}
 	} else {
@@ -462,4 +471,4 @@ func GetSecuredCipherSuites() (suites []uint16) {
 		suites = append(suites, v.ID)
 	}
 	return suites
-}
+}