pkg/server: add a note on disallowing tls 1.1/1.0

Co-Authored-By: Colin Walters <[email protected]> Signed-off-by: Antonio Murdaca <[email protected]>
openshift · Apr 24, 2020 · b3d27cd · b3d27cd
1 parent 0312cb0
commit b3d27cd
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/pkg/server/api.go b/pkg/server/api.go
@@ -47,6 +47,7 @@ func (a *APIServer) Serve() {
 	mcs := &http.Server{
 		Addr:    fmt.Sprintf(":%v", a.port),
 		Handler: a.handler,
+		// We don't want to allow 1.1 as that's old.  This was flagged in a security audit.
 		TLSConfig: &tls.Config{
 			MinVersion: tls.VersionTLS12,
 		},